According to the researchers, the problem stems from a vulnerability in a slideshow plug-in called Slider Revolution, or as the security researchers refer to it, RevSlider.
Hackers have used this vulnerability as a point of penetration where they can upload a backdoor and infect malware into all websites that share the same server account. Basically, this means that even Wordpress sites that don't use the RevSlider plug-in can be infected, too. Yikes.
To make things worse, it appears the malware evolves. According to the researchers, some sites are showing variations of the malware. The first versions of the malware discovered used two files, while some later discovered used three.
Read MoreMaking money with cybersecurity ETF 'HACK'
If you use Wordpress as your own content-management system and want to know if your site has been affected, the folks over at Securi suggest using their free SiteCheck scanner for a check-up.
—By CNBC's Cadie Thompson.