While WordPress 2.0.6 is still hot a serious security defect (SQL injection attack) was found and fixed in WordPress 2.0.7, which is currently available as RC1 (release candidate 1). The key defects fixed are: Security defect Worked around a PHP bug for PHP 4.x less than 4.4.3 and PHP 5.x less than 5.1.4 with register_globals ON that could potentially lead to SQL injection and other security breaches.