I manage two WordPress sites (http://www.altemusprime.com, http://www.wasserwerks.com) and yesterday I received notification from two different sources that each site was hacked and was hosting phishing attacks. The only common threads between the two sites are that both are running WordPress and both are managed by me. One site is owned by me and hosted on Zerolag while the other site is owned by someone else and hosted on GoDaddy.
Both sites were updated to 3.2.1 shortly after that version was released, as were the themes and plug-ins for each site. Somehow someone was able to place folder(s) into each site's wp-content/uploads subdirectory. The GoDaddy hosted site, wasserwerks.com, had one folder called "wassa" and a single file called "wassa.htm" that I was able to clean out myself. The attack on the Zerolag hosted site was much more involved, with a couple dozen folders, including one named "altem" added to my wp-content/uploads subdirectory and files distributed through my directories. The Zerolag people are working on that now.
Is anyone else experiencing this?