A severe shell-execution exploit has been released by rgod (rgod@autistici.org).
The vulnerability affects all versions of WordPress Blog System< =2.0.2. The good news - the exploit works only for WordPress sites where the "Self User Registrration" (e.g. /wp-register) is enabled, so for now you can "patch" your system disabling the Self User Registration. Mas info aqui