Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: phranque
If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker (...) It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. (...) They modified two files in WP to include code that would allow for remote PHP execution.
The patched version, 2.1.2 is available for download now from the WordPress site, and according to the developers, version 2.0 files were not affected.
WordPress 2.1.1 was released on February 21st 2007, so if you installed WordPress between then and March 2nd, you should upgrade without delay.