IPS is investigating a possible security exploit reported to us a few hours ago.
We are developing a fix for this issue now and anticipate its release tomorrow. Until the fix is released, clients are advised to delete the following file from their community:
interface/ipsconnect/ipsconnect.php
This will disable the IPS Connect service which is our system to allow for multiple sites to share one login. Most clients will not need this service but if you do use it then we still suggest you temporarily disable until a fix is released tomorrow.
IPS Community in the Cloud clients: we have already disabled this feature for you so you are not impacted by this exploit.
Update: Patches are now available.