Fear and panic!
This article explicitly mentions WordPress as being vulnerable to a newly discovered security hole in the underlying PHP XML-RPC libraries.
This WordPress support article outlines a couple of fixes.
- Uprade to WordPress 18.104.22.168
- Or, if you own the server (as I do):
pear upgrade XML_RPC
And all is now right with the world.
via: Daring Fireball