The 2.1.1 release of Wordpress (the latest release until 12 hours ago) has been found to contain an exploit that allows people to execute any code they want. According to Wordpress it only affects downloads in the last 3 or 4 days, but just to be sure, everyone is recommended to upgrade to 2.1.2 immediately. Wordpress have made an announcement explaining exactly what happened.

Personally I think it is worrying that something like this could happen. I just hope that Wordpress are dramatically improving the security of their servers to guarantee that this will never happen again. Then again it is reassuring to see it was picked up and fixed relatively quickly and the information has been distributed.

I just installed WordPress 2.1 last night, and was just going to upgrade to 2.1.1 when I had some time over the weekend. Good thing I didn't. Thanks for the heads up, rvalkass.

This is freaky, when I logged into my admin panel and saw this news in the announcement, I immediately downloaded 2.1.2 and uploaded it into my site. I am thankful WordPress has shown to be diligent and tip top in terms of service. Imagine if those crackers actually executed remote procedures, what would have been the consequences? I have already made a post on my site regarding this as well

http://darran.trap17.com/2007/03/03/wp-211-is-dangerous/

i've read about this on my professor's blog, although i don't remember which version is installed in my blog. eh??? i rarely have time to update my blog, what more to upgrade it. it's kind of a hassle, especially since there are almost always updates to their program. i mean in just a span of a day they could probably jump from 2.1.1 to 2.1.2. my point is not everyone has the luxury of time to update their files, and if problems like these arise, it's very alarming.

oh well.

Thanx for sharing the info and alerting us. I was planning to upgrade all my WP 2.1 blogs to WP 2.1.1, but thank god I didn't do it. I've to upgrade them to WP 2.1.2 or wait till the cPanel guys update it in fantastico.