WordPress was updated to 2.1.2 overnight after it was found that one of its download servers had been compromised and the version 2.1.1 download had been altered to include malicious code that allows remote PHP execution!
From the WordPress site:
What You Can Do to Help
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade.
If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.
This only affects you if you are hosting your own copy of WordPress and it is version 2.1.1. If you are on any other version or are on WordPress.com then you can safely ignore this.
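For hosts who want to check their logs against the indicators in the advisory quoted above, here is a small log scanner. It is an added example, not code from WordPress or from the original post. It assumes common/combined access log format, and matching on decoded parameter names (rather than the raw substring) is this example's choice; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicators from the advisory quoted above.
BLOCKED_FILES = {"theme.php", "feed.php"}
BLOCKED_PARAMS = {"ix", "iz"}
# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def match_indicators(target):
    """Return the advisory indicators matched by one request target."""
    parts = urlsplit(target)
    hits = []
    # Decode the path so "theme%2Ephp" is still recognised.
    filename = unquote(parts.path).rsplit("/", 1)[-1].lower()
    if filename in BLOCKED_FILES:
        hits.append("file:" + filename)
    # parse_qsl percent-decodes names, so "%69z=" is seen as "iz", while
    # "matrix=" (which merely contains "ix=") is not flagged.
    for name, _ in parse_qsl(parts.query, keep_blank_values=True):
        base = name.split("[", 1)[0]  # PHP reads "ix[]=" as parameter ix
        tag = "param:" + base
        if base in BLOCKED_PARAMS and tag not in hits:
            hits.append(tag)
    return hits

def scan(lines):
    """Yield (client_ip, target, hits) for every log line that matches."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            hits = match_indicators(m.group(1))
            if hits:
                yield line.split(" ", 1)[0], m.group(1), hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2007:10:00:01 +0000] "GET /wp-includes/feed.php?ix=test HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/Mar/2007:10:00:05 +0000] "GET /index.php?matrix=1 HTTP/1.1" 200 1024',
    '198.51.100.7 - - [03/Mar/2007:10:01:12 +0000] "GET /?%69z=1 HTTP/1.0" 200 88',
    '192.0.2.12 - - [03/Mar/2007:10:02:30 +0000] "GET /feed/ HTTP/1.1" 200 2048',
    '203.0.113.5 - - [03/Mar/2007:10:03:44 +0000] "POST /wp-includes/theme.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for ip, target, hits in scan(SAMPLE_LOG):
        print(ip, target, ",".join(hits))
```

A match shows that a request fitting the advisory's pattern was made, not that it succeeded; installations running 2.1.1 still need the full file overwrite described above.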
Well done for spreading the word… hopefully most of the altered 2.1.1 installations will be upgraded before they’re exploited.
There’s upgrade installations on the WordPress site, but I’ve detailed the steps I used in case it’s helpful to anyone at: http://blog.preshweb.co.uk/?id=15