A successful attack was made on the WordPress 2.1.1 download. The attacker modified the files theme.php and feed.php. These modifications created a backdoor which would allow a user to gain privileged access to any server running WordPress 2.1.1.
All users have been requested to update immediately to WordPress 2.1.2. Users who access updates through the Subversion repository were not compromised.