About 14 hours ago, WordPress.org published an announcement warning that the WordPress 2.1.1 package available for download on their server over the last 3-4 days contained files with an exploit. According to them, the cracker was a person with access to the WordPress.org server, which allowed them to modify two files. Who the cracker was is irrelevant now. What matters is that everyone who downloaded and installed WP 2.1.1 in recent days upgrades urgently.
I don't want to think about how many bloggers have to upgrade urgently to the new version 2.1.2.
If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
….
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.
Source: WordPress.org
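
For hosts and administrators who want to check whether requests matching the rule in the announcement have already reached a site, here is a log scan added as an example (it is not code from WordPress.org or from this post). It assumes access logs in Apache/nginx "combined" format; the sample lines, IP addresses and parameter values are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Rule parts taken from the announcement quoted above.
BLOCKED_FILES = {"theme.php", "feed.php"}
BLOCKED_QUERY_MARKERS = ("ix=", "iz=")

# Assumption: logs are in Apache/nginx "combined" format.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:01 +0000] "GET /index.php?feed=rss2 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [01/Jan/2000:10:02:13 +0000] "GET /wp-includes/feed.php?ix=PLACEHOLDER HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [01/Jan/2000:10:02:15 +0000] "GET /wp-includes/theme%2Ephp?iz=PLACEHOLDER HTTP/1.1" 403 298 "-" "-"',
    '203.0.113.5 - - [01/Jan/2000:10:05:40 +0000] "GET /index.php?matrix=1 HTTP/1.1" 200 812 "-" "-"',
]

def match_reasons(target):
    """Return which parts of the blocking rule a request target trips."""
    parts = urlsplit(target)
    # Decode percent-encoding so "theme%2Ephp" is treated like "theme.php".
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    query = unquote(parts.query)
    reasons = []
    if filename in BLOCKED_FILES:
        reasons.append("file:" + filename)
    # Substring match, as the announcement words it; this is deliberately
    # broad and also flags unrelated parameters such as "matrix=".
    for marker in BLOCKED_QUERY_MARKERS:
        if marker in query:
            reasons.append("query:" + marker)
    return reasons

def scan(lines):
    """Return (ip, status, target, reasons) for every log line that matches."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and (reasons := match_reasons(m.group("target"))):
            hits.append((m.group("ip"), m.group("status"), m.group("target"), reasons))
    return hits

if __name__ == "__main__":
    for ip, status, target, reasons in scan(SAMPLE_LOG):
        print(ip, status, target, ",".join(reasons))
```

The status column separates requests that were served (200) from ones a block rule already refused (403); a hit on the query marker alone, like the last sample line, needs a manual look before it is treated as suspicious.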