A security vulnerability has been discovered recently in the Wordpress "GravityForms" plugin. This can cause the server to become infected enabling attackers to load malicious software. For example, massive spam can be sent via the infected web sites.
Versions up to and including 1.8.19 are vulnerable and could be affected by this. We therefore recommend users install the 1.8.20 update:
Monday, May 4, 2015