About 14 hours ago WordPress.org they gave an announcement warning that the version wordpress 2.1.1 available to download on their server 3-4 last days has files that contain a exploit. According to them, the cracker was a person with access to the server wordpress.org, this allows you to edit two files. It doesn't matter now who the cracker was. The important thing is that everyone who downloaded and installed wp. 2.1.1 in the last days to do urgent upgrade.
I do not want to think about how bloggers must make urgent upgrade 2.1.2 the new version.
If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
....
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you have a web host or network administrator, block access to "theme.php"And"feed.php", And any query string with" ix = 'or' hint = "in it. If you're a customer at a web host, you may want to send a note to Let Them Them know about this release and the above information.
source: WordPress.org
