According to a story in a March 5th story at CBC News, a cracker modified version of the WordPress blog software was made available for download (“Attacker adds vulnerability to WordPress blog software“).  Users who downloaded version 2.1.1 over the past three or four days should immediately download and install 2.1.2.

The vulnerability inserted by the cracker, rated at the highest level of severity by Secunia ApS, might allow an attacker to retrieve passwords or alter and delete files.