Today my WordPress 2.7 blog got hacked by a friend of mine. He said he was able to do this and i wouldnt believe him so i took the risk :)
He took over my admin account, created a new password for it and changed the e-mail adress of it.
Lucky after all, it was a friend of me, but this should not be possible,... right?
He told me he used sql injection on it. Is this a known bug?