Dr Dave has announced that there is a security exploit affecting WordPress 1.5 and WordPress 2.0.
In a nutshell, stuff could happen to your blog if you don’t turn off “Anyone can register” in your WordPress options. If it’s on, TURN IT OFF NOW. Dr Dave adds that you should also disable any guest accounts you are unsure about.
I have no idea what the hell is going on - but take it from Dr Dave and disable it now. There is no real known proof about this exploit, but I am going to take it as a matter of trust in a respected blogger who is also the developer of Spam Karma. Let’s hope the WordPress dev guys realize this and patch it - really wicked quickly. Do not hesitate - disable it on your blog now. Dr Dave can’t give us anything on the exploit since not enough blogs are protected now - information may fall into the wrong hands and the exploit may come.
The last word is to take Dr Dave’s word - he’s tested it and it’s “shown to exist with varying levels of danger on all versions of WP up to the very last one.”
Notified by Kamigoroshi on IRC.