Hacked by theme-editor.php POST Injection?
Hi there,
Just this morning, I noticed that my blog was running quite slowly. Not the admin pages, but just the pages that are public.
I took a look at the HTML of the page, and to my surprise, it was around 500 KB long! The culprit? At the end of my page, there were thousands of lines of HTML code injected, with “display:none” specified (so as to appear only to text readers… aka search engines).
I went to the root folders of the site in question, and it seems that the blog had been hacked (with physical files added to their folders).
So I deleted the html from my footer.php.
This evening, I encountered the same thing, pages loading slowly, and not surprisingly, there was the same thing (although now, the links are different).
Screenshot of a portion of the footer: https://i15.photobucket.com/albums/a397/samburgers/injection1.gif
Then, going to my FTP, I found the modification date of the footer.php file, which was Mar. 27 10:07pm.
Screenshot: https://i15.photobucket.com/albums/a397/samburgers/injection2.gif
Thirdly, viewing my raw visit log from my host’s cPanel, I see that the person was able to inject code into my themes using POST injection methods?!
Screenshot: https://i15.photobucket.com/albums/a397/samburgers/injection3.gif
There are no other files that have been modified, and the IP range has now been banned from my site… but this worries me…
Is this something WordPress should look into to fix?
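The correlation described in the post (footer.php's modification time checked against POSTs to theme-editor.php in the raw access log), as an added example that is not part of the original post. It assumes the Apache combined log format; the log lines, IP addresses, year and UTC offset are constructed, and the check for plugin-editor.php goes beyond what the post mentions.

```python
import re
from datetime import datetime, timedelta, timezone

# Apache/cPanel "combined" log format: IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# WordPress admin endpoints that can rewrite theme or plugin files on disk.
EDITOR_PATHS = ("/wp-admin/theme-editor.php", "/wp-admin/plugin-editor.php")


def editor_posts_near(log_lines, modified_at, window_minutes=5):
    """Return (ip, time, path, status) for POSTs to the file editors that
    landed within window_minutes of a file's modification time."""
    window = timedelta(minutes=window_minutes)
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a plain page view
        path = m["path"].split("?", 1)[0]  # drop the query string
        if not path.endswith(EDITOR_PATHS):
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(when - modified_at) <= window:
            hits.append((m["ip"], when, path, int(m["status"])))
    return hits


# Constructed sample input (documentation IP ranges, made-up year and offset).
SAMPLE_LOG = [
    '203.0.113.7 - - [27/Mar/2010:22:06:41 -0400] "GET /wp-admin/theme-editor.php?file=footer.php HTTP/1.1" 200 18211 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [27/Mar/2010:22:07:02 -0400] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.20 - - [27/Mar/2010:22:07:30 -0400] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '198.51.100.20 - - [27/Mar/2010:09:15:00 -0400] "POST /wp-admin/theme-editor.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
]
# The FTP-listed mtime must be expressed in the same offset the log uses.
FOOTER_MTIME = datetime(2010, 3, 27, 22, 7, tzinfo=timezone(timedelta(hours=-4)))

if __name__ == "__main__":
    for ip, when, path, status in editor_posts_near(SAMPLE_LOG, FOOTER_MTIME):
        print(f"{when.isoformat()}  {ip}  POST {path}  -> {status}")
```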