Today’s news comes as a warning to all self-hosted WordPress users. If your WordPress is not updated to the latest version 2.8.4 then you are under risk…..huge risk.

There is a new worm spreading fast that can install malware and spam in your posts published on a self-hosted WordPress blog(yes, even WordPress can be infected). Once installed, all your information becomes available to hackers. This warning unlike other previous warnings comes directly from Matt Mullengen, founder of WordPress, because….ummm…its tough to catch.

According to Matt, “It(the worm) registers a user, uses a security bug(fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.”

The vulnerability that allowed the attack was fixed earlier in mid August by WordPress and they encouraged users to upgrade to latest version 2.8.4, but most users have still not upgraded.

Those who haven’t upgraded yet, there is a good news for them. The worm is spreading quite fast and there is a chance…huge chance….that your blog might get infected.