Today I fired up my browser and got to this quite interesting story running on Slashdot:
GrumpySimon writes «The recent 2.1.1 release of the popular blog software WordPress was compromised by a cracker who made it easier for to execute code remotely. This is interesting because the official release was quietly and subtly compromised, and has been in the wild for a few days now. There’s no word on if any affected sites have been compromised, but anyone running WordPress is urged to upgrade to 2.1.2 immediately, and admins can check their logs for access to ‘theme.php’ or ‘feed.php’, and query strings with ‘ix=’ or ‘iz=’ in them.»
What does that mean? Upgrade to WordPress version 2.1.2 (or greater if available) ASAP!