Originally Posted by Ecchi22

There's new Wordpress exploit out there that can be dangerous..

Affected version is the newest one (2.6.1) and it works only if you have enabled user registration option.. It is disabled by default, so if you don't know what it is, relax.. But if you have it turned on, I'd recommend you to disable it for now, until someone post solution to this.

Attacker can change the Administrator password (but the real admin will receive the new password on his e-mail, so you'll notice it for sure)

Source: http://www.milw0rm.com/exploits/6397