We've been getting a LOT of reports of people who've suddenly noticed their sites have some weird stuff in the URLs. Notably "eval" and "base64_decode".
http://wordpress.org/support/topic/307652
http://wordpress.org/support/topic/297639
http://wordpress.org/support/topic/307518
So far, all of these reports (that I can find) have been on people running older versions of WordPress.
YOU NEED TO UPGRADE TO THE LATEST VERSION OF WORDPRESS.
Security updates are for everyone. If you're running an old version, then you're vulnerable.
See, once a security problem is fixed, then hackers know about it too, and they can create scripts that automatically scour thousands and thousands of sites, hacking each and every one of them and inserting their malicious code.
So if you don't upgrade, you will get hacked. It's not a matter of "if", it's a matter of "when".
Don't wait to be hacked.
UPGRADE YOUR SITE RIGHT NOW.
If you've already been hacked, then you have to fix it. And that's no fun at all. Here's some guides to help you out:
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://www.journeyetc.com/2009/09/04/wordpress-permalink-rss-problems/
BTW, merely upgrading after you get hacked is useless. All modern hack methods insert backdoors into the system, allowing you to be rehacked at any time after that, even if you upgrade. Unless you find and clean up those as well, you're sure to get rehacked even if you upgrade. So upgrade regularly. Prevention is the only real cure.
