A Russian malware called SoakSoak has infected over 100,000 Wordpress sites since this Sunday, turning blogs into attack platforms. It's a potential shitshow, and it could've been prevented earlier this fall.
Google has already blocked 11,000 domains to try to curb the damage. According to security firm Sucuri, the malware uses a vulnerability in a slideshow plug-in called Slider Revolution. The Slider Revolution team have fixed it with updates. The problem is that the old,vulnerable version of the plug-in is still bundled with Wordpress themes, so lots of sites are still using the wrong version.