As a precautionary measure, the site has force-reset all passwords. This means that users will have to request a new password using the standard process on their next login attempt. The organization also advised that anyone using the infected plugins should update them immediately to obtain a safe copy.
Although WordPress.org was quick to take precautionary measures to safeguard its own hosted blogs, it has no way to force users running the self-hosted version of the blog software to take the same steps. Anyone running the software should check to see if they’re using any of the infected plugins and, if so, update them as well as reset their blog’s administrative passwords.
Matt Mullenweg, founder of the blog site, stated that an investigation is underway to discover how the plugins became infected and made their way undetected onto the plugin database. In addition to this, the plugin database is being combed to ensure that no other plugins are infected.