I had been using Suffusion happily on one of my sites.
Yesterday my host disabled my site entirely due to a serious hacking episode - leading to hundreds of spam emails being sent out and a general messing up of my site.
My provider pinned this down to a malicious script contained in part of the Suffusion theme, specifically:
'The actual compromise appears to have happened back in January - related to the Timthumb plugin in the Suffusion theme.
More information is available here,
http://wordpress.org/extend/plugins/tim ... y-scanner/
Essentially though, that theme, or the plugin specifically, lets attackers do what they want on your site - it's as if they uploaded the files themselves - as the timthumb plugin lets them pull in code from anywhere they wish.
Once this initial file has been run, they can write their own PHP code to run exactly what they wish, including spamming, redirecting, phishing. It's a very nasty hack.'
This could have been more serious if my hosting company had not been vigilant.
I would respectfully suggest that this is looked into and put right. Until then, I will be straying well clear.
Mike
