Edd Dumbill: “All releases up to and including version 1.0 of XML-RPC for PHP have a serious security vulnerability, allowing hostile remote clients or servers to execute arbitrary code on your machine.” Update now.