Rather than retyping it all, I'll link to my Digg article I wrote on it. http://www.digg.com/security/Popular_WordPress_Plugin_Digg_This_Blog_Security_Vulnerabilities_Found If you use Digg, please digg it to spread the word. The upgrade/patched version is here: http://www.harrymaugans.com/digg-that/