There appears to be a few lines of code within wp-login.php of WordPress 1.2.1 (Mingus) or 1.3-alpha-5 that could allow someone to …bah. I can’t explain it as well as the others, and it’s really late (early) in the morning. I basically just got home to find that I needed to fix this.
The IT Kitchen got hacked, and Shelley wrote on how to repair it. I would’ve never found out about this if my links page didn’t indicate that podz had a new post today. I love RSS and blogs. I hope more people realize how great those tools really are.
I’ll clarify. With a default WP 1.3 alpha download, it’s in lines 48 and 49; with a default WP 1.2.1 download, it’s in lines 153 and 155. WP 1.2 users should update to 1.2.1.