SecurityFocus has published information about a WordPress HTML injection vulnerability that may allow attackers to inject PHP code straight into your WordPress blog.
This can let attackers do nasty things such as deleting your posts, defacing your blog, dropping all of your posts (read: deleting every post!) and other dangerous attacks. This particular vulnerability affects all WordPress releases from 1.2.1 to 2.0.5; WordPress 2.0.6 (currently in RC2) is not affected.
WordPress bloggers are advised to apply the patch released by the WordPress team in order to secure their blogs from malicious users.
Applying the patch is simple: download the zip archive from WordPress Trac, unzip it and upload the wp-admin folder to your WordPress host, overwriting the old template.php file.
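To confirm the upload actually replaced the file, the check below (an added example, not code from WordPress or from the advisory) reads the installed version and compares wp-admin/template.php with the copy extracted from the patch archive. It assumes the version is stored as `$wp_version` in wp-includes/version.php and that you have a local copy of the blog's files; the function names are illustrative.

```python
import hashlib
import re
from pathlib import Path

# Affected range as stated in the post: 1.2.1 through 2.0.5 inclusive.
AFFECTED_MIN = (1, 2, 1)
AFFECTED_MAX = (2, 0, 5)

def read_wp_version(version_php_text):
    """Extract $wp_version from the text of wp-includes/version.php (assumed location)."""
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", version_php_text)
    return m.group(1) if m else None

def version_tuple(version):
    """'2.0.6-RC2' -> (2, 0, 6); missing parts become 0, suffixes are ignored."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    return tuple(int(part or 0) for part in m.groups())

def in_affected_range(version):
    return AFFECTED_MIN <= version_tuple(version) <= AFFECTED_MAX

def same_file(path_a, path_b):
    """True when both files have the same SHA-256 digest."""
    def digest(path):
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return digest(path_a) == digest(path_b)

def check_install(wp_root, patched_template):
    """Return 'not-affected', 'patched' or 'needs-patch' for one install.

    patched_template is the template.php extracted from the patch archive.
    The version string alone cannot show whether the patch was applied,
    because overwriting template.php does not change $wp_version.
    """
    root = Path(wp_root)
    text = (root / "wp-includes" / "version.php").read_text(errors="replace")
    version = read_wp_version(text)
    if version is None:
        raise ValueError("no $wp_version found in version.php")
    if not in_affected_range(version):
        return "not-affected"
    installed = root / "wp-admin" / "template.php"
    return "patched" if same_file(installed, patched_template) else "needs-patch"

if __name__ == "__main__":
    import sys
    print(check_install(sys.argv[1], sys.argv[2]))
```

Run it with the path to the blog's root directory and the path to the extracted template.php; a result of `needs-patch` means the installed file is not byte-identical to the patched copy.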
Thanks to Faizi for blogging about this.