To anyone who have downloaded and used WordPress 2.1.1, you must immediately download 2.1.2. Now!
An evil cracker managed to get into one of WordPress’ server and edited some file, resulting in the ability to remotely execute PHP codes. This is a very serious issue.
Even the F-Secure Weblog posted on this information here.
