This just out, latest nasty attack aimed at self hosted WordPress:

Mashable on the Attack

How to know if you've been affected:

  • In your permalinks, look for additions that looks like:
    ...eval(base64_decode...
  • Also check your users, you may have an additional admin user – look for one you don't recognize.

Read more details at Lorelle's blog: Old Versions of WordPress Under Attack. There's also detailed instructions on how to recover if you've been attacked and hacked.

If you haven't, check your site and upgrade now!

Latest version of WordPress