An urgent security update has been issued for WordPress. This release, version 2.1.2, removes “highly exploitable code” that was added to the WordPress download by a malicious individual.
This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code . . . Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files. We are also taking lots of measures to ensure something like this can’t happen again.
WordPress 2.1.1 was the only download altered, so users of WordPress 2.0.9 should be safe. More information about this issue can be found here.