Users who have downloaded the 2.1.1 version of the open-source blogging platform WordPress should upgrade all files to 2.1.2 immediately, since they could include <A HREF="http://securitywatch.eweek.com/exploits_and_attacks/wordpress_code_subverted_on_its_own_server.html?kc=EWEWEMNL030507EP35B">a security bug injected by a cracker</A> who gained user-level access to one of the servers that powers wordpress.org, according to a release posted on WordPress' site on Friday.
WordPress received a note on the project's security mailing address Friday morning regarding "highly exploitable code," the release said. After investigating the issue, the WordPress developers found that the 2.1.1 download had been modified from its original site. The Web site was taken down immediately for further forensic analysis.