Do you know which information WP pass to the server to get the update downloaded? Maybe WP pass some sensible data to the server? (maybe wootheme login information)
… maybe nothing as it is through WP repository
Thanks to share this information with us.
Do you have found any dirty action related to this plug-in? Looking into the code seems to me that there’s nothing to be scared for.
The same thing happens to me.
I suggest you to delete plugin and re-install WooThemes 1.4.2 version, and also change your administrator password on WP.
Also have a look to your database.
