As far as I am aware off, there is a remote exploit in the 18.104.22.168 version of WordPress. Now I don’t know why Matt is taking so long to come out with version 1.5.2 seeing that the fix has already been out for a while but putting that aside for those of you who does care about security here is the fix for it straight from the WordPress Development Site.
Now all you have to do is download that file and upload it via FTP into your wordpress folder replacing the old “wp-settings.php” file.
It’s that easy.
A word of advice…it’s best to be safe than screwed. We wouldn’t want another Xiaxue episode to come out for some of your WordPress blogs now would we?
Alternatively, I found out from this site that if you don’t want to upload the file, you can just add this line to your .htaccess and it will result in the same thing as well.
php_flag register_globals off
It appears that the code for the htaccess may not work on some hosts which don’t allow you to set a “php_flag” so the first option of uploading the fixed wp-settings file is still the best option.
More detailed information and instructions on the matter can be found here.