According to WPSecurityLock there are various reports that a unknown exploit is compromising several WordPress blogs, this exploit is affecting even the latest version wp 2.92 running wordpress sites, not only wordpress sites the exploit is also targeting other PHP-based management systems, such as the Zen Cart eCommerce solution.
The interesting nature of this exploit is, similar to iframe virus it is injecting a script in php files (.php files like wp-config.php) and installs a malware, but it is not detected by website malware scanners and even it is hiding from Google safe browsing API, which is used by Firefox and chrome to alert or block malware sites.
At first it was thought that the attack was only on blogs hosted at Dreamhost ,GoDaddy, but it isn’t limited to specific webhosting site the only similarity is it is affecting blogs on shared severes.
At present the exploit is unknown, Experts say’s that problem didn’t originate in WordPress, because the infected sites would be much much bigger .At this point the problem seems to be from vulnerable plugin or some loop hole in shared hosting sites.
Below video shows, how easy to comprise a website on shared servers: