It seems that the popular blogging platform WordPress suffered a compromised that resulted in the release 2.1.1 files getting backdoored by the attacker. 

If you downloaded WordPress 2.1.1 since about February 25th your downloaded installation could contain files that have been compromised by an attacker that compromised one of the WordPress servers.

The attacker gained user-level access to one of the servers that hosts wordpress.org, the attacker then used this access to back files within the WordPress 2.1.1 release. At this time the maintainers of WordPress believe that these are the only files compromised by the attacker, and have taken steps to secure the site for further investigation.
In the mean time they have published WordPress 2.1.2 which contains clean source without the backdoored files. They have also reset all user passwords for various users with SVN and other access to services on the WordPress site as a precaution.

In the event you have been unlucky enough to have downloaded the affected release it is recommended that as soon as possible you download the new release to install. When installing it is recommended that you delete your entire installation and install from scratch to ensure that there are no traces of the backdoored release left behind.

We would also recommend that you change passwords for all user accounts in the database used on your server as a precaution, along with any system account passwords. Finally perform a check of system activity to see if there are any signs of attack and double check the system for Rootkits or similar to ensure that if the machine has been compromised nothing nasty has been left behind.

You can read the full details here on the WordPress site. 

Add this page to your favorite Social Bookmarking websites