Dr Dave, der schon gestern von mir gelobte Autor des SpamKarma Plugins, hat heute eine ziemlich dringend und ernst formulierte Warnung an alle WordPress-User im Begrüssungsdialog des Plugins angebracht.

MAJOR SECURITY ANNOUNCEMENT
Affecting all WP users (this is not specifically a Spam Karma problem). Please immediately disable 'guest user registration' on your blog if it's enabled and advise all your friends to do so (...). I cannot give too much technical details as it would further endanger vulnerable WordPress users, but trust me this is not a joke.

Näheres steht in seinem Blog: critical announcement to all wordpress users und followup on wordpress