All WordPress users who downloaded and installed version 2.1.1 are being told they should upgrade to version 2.1.2. Earlier versions of WordPress are not affected.
User-level access was gained to one of the wordpress.org servers and the download file was modified.
The compromised code was distributed through the wordpress.org site.
The WordPress developer is saying:
If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. ... If you are a web host or network administrator, block access to 'theme.php' and 'feed.php', and any query string with 'ix=' or 'iz=' in it.
Here is a link to the complete details on this very important issue: http://wordpress.org/development/2007/03/upgrade-212/
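For hosts and administrators who also want to check whether existing access logs already contain requests matching the indicators named above, here is an added example (not code from WordPress or from the original post). It assumes Common/Combined Log Format, uses constructed sample lines, and matches 'ix' and 'iz' as decoded parameter names rather than as raw substrings, so a value such as `matrix=1` is not flagged.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
BLOCKED_FILES = {"theme.php", "feed.php"}   # file names from the advisory
BLOCKED_PARAMS = {"ix", "iz"}               # query parameters from the advisory


def classify(log_line):
    """Return the list of advisory indicators matched by one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    reasons = []
    # Decode the path so percent-encoded names (theme%2Ephp) are still caught.
    basename = unquote(url.path).rsplit("/", 1)[-1].lower()
    if basename in BLOCKED_FILES:
        reasons.append("file:" + basename)
    # parse_qsl decodes parameter names; keep_blank_values catches a bare "ix=".
    for name, _ in parse_qsl(url.query, keep_blank_values=True):
        if name.lower() in BLOCKED_PARAMS:
            reasons.append("param:" + name.lower())
    return reasons


def scan(lines):
    """Return (line_number, reasons) for every line that matches an indicator."""
    hits = [(n, classify(line)) for n, line in enumerate(lines, 1)]
    return [(n, r) for n, r in hits if r]


# Constructed sample entries (not real traffic); parameter values are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2007:10:00:00 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [03/Mar/2007:10:01:07 +0000] "GET /wp-includes/feed.php?ix=PLACEHOLDER HTTP/1.1" 200 17',
    '192.0.2.44 - - [03/Mar/2007:10:01:09 +0000] "GET /wp-includes/theme.php?a=1&iz=PLACEHOLDER HTTP/1.1" 200 17',
    '192.0.2.51 - - [03/Mar/2007:10:02:30 +0000] "GET /?s=matrix=1 HTTP/1.1" 200 4096',
    '192.0.2.60 - - [03/Mar/2007:10:03:00 +0000] "POST /wp-includes/theme%2Ephp HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for lineno, reasons in scan(SAMPLE_LOG):
        print(lineno, ", ".join(reasons))
```

A hit only shows that a matching request was made; the response status and the installed WordPress version still have to be checked to judge whether the site was affected.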