Plugin Name : malware-finder
Affected Version : 1.1 (and most probably lower versions, if any)
Minimum Level of Access Required : Unauthenticated
PoC - (Proof of Concept) :
Vulnerable Parameter : query
Vendor Contacted : 2014-01-21
Malware is a huge challenge in managing a WordPress blog, not to mention that it can take hours to find where malicious code is hiding. But most likely you have access to at least one file (i.e. your homepage) that has been infected with malicious code. Just paste a small piece of that code below and the plugin will search through your entire WordPress installation, providing the EXACT locations of the infected files! Please note that you WILL NOT be able to use this plugin if you are UNABLE to access your WordPress Dashboard.