Yesterday a vulnerability in the WooThemes Framework was disclosed by Jason Gill in a GitHub Gist. The vulnerability allows a visitor to see and run the output of any shortcode configured on the WordPress site.
At this time, this does not appear to be linked to the DDoS they experienced this week.
We are currently assessing the severity of this vulnerability in our labs. If we do find that it can be used to do something severely adverse, the next big concern will be that it can be exploited even if the theme is not active.