WordPress is Backdoored
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately. - WordPress.com
This is not the first time such a situation has occured. A number of vendors over the years have had crackers backdoor legimate software. This is a very gloomy day for WordPress indeed. Since I released the Template CSRF exploit for WordPress, we have seen the UTF-7 SQL Injection exploit by Stefan Esser, other XSS vulnerabilities and now a backdoor.
It may be time for me to re-look my WordPress Securify plugin which currently is only recommended for advanced users due to it still being in its BETA phase and may have some issues of its own.