The IT Kitchen was recently hacked, and because of that, Shelley has found a critical bug in both WP 1.2.x and 1.3a. She provides the full details on what is wrong and how to fix it. There is also a thread in the forums that details the bug and the fix for it.
This was actually an already-known bug, but unfortunately the WordPress forums don’t really explain, in that post, what to fix to prevent it from happening, and there hasn’t been much of a public push to fix the code. Until now.
If you’re running WordPress, please visit Shelley’s site and fix the code to prevent this from happening to you.
I repeat … DANGER. DANGER. IF YOU ARE RUNNING WORDPRESS, FIX THE CRITICAL BUG NOW.
(Do you think that will get people’s attention?)