If you didn't catch the news (was mentioned in some threads, but not top-level AFAIK), check out this link: http://wordpress.org/development/2007/03/upgrade-212/

It's the sort of thing you first think is a hoax, or some April Fool's joke. But it's true apparently - dodgy code got planted in WP 2.1.1 by some hacker, so make sure you update ASAP!

markowe