The official WordPress development blog is reporting that WordPress version 2.1.1 was compromised by a malicious hacker and anyone who downloaded that version in the past several days needs to upgrade immediately to version 2.1.2. Many more details at that link; I checked the two files they mentioned (feed.php and theme.php in the wp-includes folder) and I got one of the infected versions! If you do a “diff” and compare an infected file with one from the 2.1.2 download the infected line becomes obvious. The vulnerability, as far as I can tell, allows an attacker to easily execute any command on the system that’s allowed by the user PHP is running as by using a specially (but easily) crafted query string. Don’t try it on me, I just patched :-) The new version fixed a but I was getting in the administration area where I couldn’t add new categories on the fly while writing a post, which is a nice added bonus.

Thanks to a post from security blogger Martin McKeay that was my first warning!