A new version of WordPress was released overnight. It’s a security fix. I was expecting a new release soon as I’d seen a few exploits for WordPress 18.104.22.168 floating around. I believe one of em allows “admin” type users to be added. Below is what the WordPress development blog says about the new release.
We would like to announce that WordPress 22.214.171.124 is now released as we continue the availablity of a highly stable and extremely popular branch based on the 1.5 Strayhorn codebase. Development has moved on to some exciting new features for the next major release, but an important security issue was brought to our attention which required an update for our users. The problem is not yet public but you should update your blog as soon as possible to 126.96.36.199. If you are unable to do upgrade in the short-term you may protect yourself by deleting the xmlrpc.php file from your WordPress directory.