As a customer and affiliate of Sucuri, we are advised when vulnerabilities are identified. Please read the following blog post and update to the newest version if you are currently using the MailPoet plugin for WordPress.
Our research team found a very serious vulnerability in the MailPoet Plugin for WordPress that allows an attacker to upload files remotely to websites running the plugin that have not updated to VERSION 2.6.7, which was released a few hours ago (July 1, 2014).
In order to secure your website if you’re using the MailPoet Plugin (and over 1.7 million sites are), make sure to update the plugin immediately. If your website scans show an infection, be sure to quickly open a malware removal ticket so that we can help.