As per this article on Slashdot:
The recent 2.1.1 release of the popular blog software Wordpress was compromised by a cracker who made it easier for to execute code remotely. This is interesting because the official release was quietly and subtly compromised, and has been in the wild for a few days now. There’s no word on if any affected sites have been compromised, but anyone running Wordpress is urged to upgrade to 2.1.2 immediately, and admins can check their logs for access to ‘theme.php’ or ‘feed.php’, and query strings with ‘ix=’ or ‘iz=’ in them.
While I am upgrading, the site might be unavailable, act funny, or what have you. Everything will be back to normal in a moment. If it isn’t, trust that I’m either working hard on solving the issue or crying in a corner. Thank you for your patience.