Photopost vBGallery 2.4.1 SQL Injection Vulnerability [Sitemap] - HeapOverflow Computer Security Community & Forums : Heap Overflow.com


class101
04-01-08, 17:51
Even if nothing has been officially published by the authors at the time of writing up this thread, it appears there is a critical security vulnerability within PhotoPost vBGallery 2.4.1, of the SQL injection type.
It's strongly encouraged to disable the plugin while waiting for further news in the source link below; this may be a false warning but also a real one.

Sources:

My site was hacked - PhotoPost Community (http://www.photopost.com/forum/showthread.php?p=1213648)
Forum Hacked - Need Some Assistance - vBulletin Community Forum (http://www.vbulletin.com/forum/showthread.php?t=255020)

class101
11-01-08, 15:27
The vulnerability has been confirmed, with a fix available here; in the end, it looks like a bad Apache directive was used to upload malicious files:

PhotoPost vBGallery Important Security Bulletin - PhotoPost Community (http://www.photopost.com/forum/showthread.php?t=134910)