I’m noticing a theme in todays posts….
Apparently, some enterprising young hacker gained user-level access to one of the servers running wordpress.org and modified the original code for WordPress 2.1.1 to include some exploitable code. If you have downloaded 2.1.1 in the past 3 or 4 days, you should go download the latest release, 2.1.2, as they have removed the code and secured thier servers, including taking the hacked server offline for a couple rounds of computer forensics.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
This is the kind of thing you pray never happens, but it did and now we?re dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we?re declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files. We are also taking lots of measures to ensure something like this can?t happen again, not the least of which is minutely external verification of the download package so we?ll know immediately if something goes wrong for any reason. Source: WordPress 2.1.1 dangerous, Upgrade to 2.1.2
If you update your blog from the SVN repository you’re okay, none of that code was touched. Version 2.1.1 was the only version affected, so, 2.0 downloads should be fine too. If you are a webhost, or run your own server, they have some instructions as well on things you can do to block it at the server level.