WordFence, the people who discovered the cloaked content on the plugin (read previous post if you missed it) has apparently received a lot of flack for their post and how they handled the information they received. They have since published a wonderful article IN DEFENSE of their original, stated “why” they still feel they have helped the public by revealing what they did…most notably to me was that the cloaking was REVEALED in their T & C (the plugin author’s T & C) …however in a place most would never find it unless they read the entire long document carefully, word for word, all the way to very end; AND by the fact that this is not a hole in their plugin, but that it was specifically coded in to it by the author. There is much more, the extended results of the malware, the sites it links to that will infect your machine, the adult content site that is not linked to a school website with a WordPress site, and much more. I highly encourage you to read it if you are one who is questioning their revelation of the malware.
or, if you, like me, are a fan of WordFence and appreciate all they do to keep our WordPress sites safe, …you can probably ignore it. (unless, also like me, you are simply a curious, “wants to have all the information” type person, lol in which case it’s a very good read.)
Oh, I forgot the link (almost) Additional post on 404 to 301 Plugin