So, you need to have your WordPress admin page open and be logged in. And then click a link someone sends you, or you find online for this to be an issue. I think.
No -- not based on the logs I've seen.
This is the log of a hacked site:
Code:
GET /wp-admin/ HTTP/1.1
GET /wp-admin/admin.php?page=stats&noheader&dashboard&width=574 HTTP/1.1
GET /wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_incoming_links HTTP/1.1
GET /wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_primary HTTP/1.1
POST /wp-admin/admin.php?page=stats&noheader&chart=flot-stats-data HTTP/1.1
GET /wp-admin/plugin-editor.php HTTP/1.1
GET /phpshell.php HTTP/1.1
That all happened within 3 minutes.
I don't know what was posted, however. In each case, the user altered things before I was called to the scene. And as you would guess, the users made things worse -- and covered the tracks of the hacker in the process.
This is rather easily thwarted by having decent security on the site. Unfortunately, most users just deploy default, and do nothing other than add "security" plugins (NOT SECURITY!)
This happened back on 8/30, so an exploit is at least a month old now.
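The sequence above (admin session, then plugin-editor.php, then a request for a brand-new PHP file at the web root within minutes) is exactly the kind of pattern a log review can catch. The following Python script is an added example and not something either poster wrote: it parses Apache combined-format access log lines, and flags any client that requests a PHP file outside the normal WordPress tree shortly after visiting the plugin or theme editor. The log lines, IP addresses and timestamps in SAMPLE_LOG are constructed to mirror the quoted sequence; the real log has no timestamps, so the times and the year are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, modelled on the request sequence quoted in the post
# above. IPs, timestamps and the year are made up for the example.
SAMPLE_LOG = """\
203.0.113.7 - - [30/Aug/2012:14:02:10 +0000] "GET /wp-admin/ HTTP/1.1" 200 5123
203.0.113.7 - - [30/Aug/2012:14:02:31 +0000] "GET /wp-admin/admin-ajax.php?action=dashboard-widgets&widget=dashboard_primary HTTP/1.1" 200 812
203.0.113.7 - - [30/Aug/2012:14:03:40 +0000] "GET /wp-admin/plugin-editor.php HTTP/1.1" 200 9876
203.0.113.7 - - [30/Aug/2012:14:04:55 +0000] "GET /phpshell.php HTTP/1.1" 200 311
198.51.100.9 - - [30/Aug/2012:15:10:02 +0000] "GET /wp-admin/plugin-editor.php HTTP/1.1" 200 9876
198.51.100.9 - - [30/Aug/2012:15:30:00 +0000] "GET /index.php HTTP/1.1" 200 4000
"""

# Apache combined log: ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Built-in editors that let a logged-in admin write PHP to disk.
EDITOR_PAGES = {"/wp-admin/plugin-editor.php", "/wp-admin/theme-editor.php"}

# Paths that are legitimately requested on a stock install; anything else
# ending in .php outside the core directories is treated as suspicious.
EXPECTED_ROOT_FILES = {"/", "/index.php", "/wp-login.php", "/xmlrpc.php", "/wp-cron.php"}
EXPECTED_PREFIXES = ("/wp-admin/", "/wp-content/", "/wp-includes/")


def parse_line(line):
    """Return a dict for one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    path = target.split("?", 1)[0]  # drop the query string
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": ip, "when": when, "method": method, "path": path, "status": int(status)}


def find_editor_then_dropfile(log_text, window=timedelta(minutes=10)):
    """Flag (ip, path) pairs where a client fetched an unexpected PHP file
    within `window` of visiting the plugin/theme editor."""
    last_editor = {}  # ip -> time of most recent editor page request
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"] in EDITOR_PAGES:
            last_editor[rec["ip"]] = rec["when"]
            continue
        seen = last_editor.get(rec["ip"])
        if seen is None or rec["when"] - seen > window:
            continue
        if rec["path"].startswith(EXPECTED_PREFIXES) or rec["path"] in EXPECTED_ROOT_FILES:
            continue
        # A successful request for a .php file that is not part of the
        # expected layout, right after the editor: likely a dropped web shell.
        if rec["path"].endswith(".php") and rec["status"] == 200:
            hits.append((rec["ip"], rec["path"]))
    return hits


if __name__ == "__main__":
    for ip, path in find_editor_then_dropfile(SAMPLE_LOG):
        print(f"suspicious: {ip} requested {path} shortly after using the file editor")
```

Run against a real access log by reading the file into `find_editor_then_dropfile`. Any hit on plugin-editor.php or theme-editor.php is itself worth an alert on a site whose admins never edit files through the dashboard, and the editor can be disabled entirely with the `DISALLOW_FILE_EDIT` constant in wp-config.php, which removes the write-to-disk step this sequence depended on.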
