Dr Dave is warning of a recently discovered security risk affecting ALL users on ALL VERSIONS of WordPress
If you are running WordPress as your blogging platform and if you have been trusting enough to leave User registration enabled for guests, DISABLE IT IMMEDIATELY (in wp-admin >> options: make sure “Anyone can register” is not checked).
Additionally, delete or disable ANY guest account already created by people you are not sure about.
Leaving it open and letting people sign-up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don’t wait a second to disable this option and please relay the message.
Obviously Dr Dave (famous for the Spam Karma wordpress plugin) cannot release details of the risk, but assures us that he has made the WordPress development team aware of the problem.
Hat-tip to Lorelle for the info.
Pingback: The Code Cave