Many WordPress blogs were infected by a malicious plugin named ToolsPack. This plugin is a backdoor that allows any attacker to execute arbitrary PHP code on the infected website. The plugin contains only one file named ToolsPack.php. This file contains the backdoor.
Remove this plugin from your website. Delete the ToolsPack plugin directory from your WordPress /wp-content/plugins/ installation.
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)
WordPress Plugin Sniplets Multiple Input Validation Vulnerabilities (1.2.2)
WordPress Plugin Codestyling Localization Multiple Vulnerabilities (1.99.30)