According to a March 5th story at CBC News, a cracker-modified version of the WordPress blog software was made available for download ("Attacker adds vulnerability to WordPress blog software"). Users who downloaded version 2.1.1 over the past three or four days should immediately download and install 2.1.2.
The vulnerability inserted by the cracker, rated at the highest level of severity by Secunia ApS, might allow an attacker to retrieve passwords or alter and delete files.
Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be published in Q1/2013). Before joining the private sector, he served 10 years in the United States Army Military Police with four years as a military police investigator. He has an MBA and CISSP certification. He is also an online instructor for the University of Phoenix.