Dr Dave has written a warning for WordPress users regarding a possible security problem.
He doesn’t go into details (probably a good thing) but warns people to turn off the ‘Anyone can Register’ option on their WP blog and delete any guests they’re unsure of. He writes:
“Leaving it open and letting people sign up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me, I am not exaggerating this. So don’t wait a second to disable this option and please relay the message.”
I’m not sure how valid his concerns are and haven’t heard any official word from WordPress to this point, but it’s probably worth considering.
I’ve contacted Matt from WP for a comment and will update with what he has to say.
Update: Just spoke with Matt. He’s not aware of the issue and can’t tell by the post if it’s something worth being worried about or not – but he’s going to contact Dr Dave to see. He also mentioned that 2.0.4 will be out shortly and it could be something that is resolved in that upgrade. All seems to be in hand.