there is an exploit that allows you to get the admin hash in 2.0.6 and lower.
wordpress automated password gets cracked very fast so probably your password was compromised, you should change it.
Also i’ve notice in php-nuke that there are some themes that add hidden links, this is possible also in wordpress so you should be carefull when downloading themes also.
Excuse my english.
Best reggards.
i’ve been doing some nasty things and once you get the password of the admin of a wordpress there isnt much to do… unless this website has the plugin you mentioned, that allows you to execute you own code and do nastier things 😛
Maybe it would be better if wordpress has an official plugin for executing php which can be downloaded separete if you need it. That would solve the support problem without putting all blogs in “risk”.
Excuse my english.
best reggards.
