0-day WordPress Exploit?

Basically, a script is injected into the blog so that a visitor arriving from Google is redirected to another search engine; anyone who types in the address directly sees the site as normal. Here's the exploit explained further. WordPress.org Support Forum moderator Moshu mentioned that:

If you read the posts above – it is always older versions and not 2.5.1. That’s the point. People don’t upgrade = get hacked.

Nevertheless, some users insist that this hits 2.5.1 blogs as well. One explanation could be that the site was compromised before the upgrade, so that even after upgrading to 2.5.1 the injected code was still in place. But then, forum user tijja reports that:

Nope… I can see from my traffic when I was hacked. It is pretty easy to see when I had a drop of over 1000 people a day and it was last week… long after my upgrade to 2.5.1.

This is getting pretty convoluted, and I expect an official blog post will surface in the next few days to clear this up.
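Whatever version turns out to be affected, the practical question for a blog owner is whether their own site is doing the conditional redirect described above, and because it only fires for visitors arriving from Google, a direct visit will never show it. The probe below is an added example written for this post, not code from WordPress or from any of the linked write-ups: it fetches the front page once without a Referer and once with a Google search URL as Referer, refuses to follow redirects so the Location header can be inspected, and flags the case where only the Google-referred request is sent elsewhere. The hostname and the canned responses in the demo are constructed for illustration.

```python
"""Probe a site for a Referer-conditional redirect (the behaviour this post
describes): a normal visit is served, a visit "from Google" is sent elsewhere.
Added example for this post; the example.com hostname and the canned
responses in the __main__ demo are constructed, not real observations."""
import urllib.error
import urllib.request

# A plausible Google search result referrer; the exact query does not matter.
GOOGLE_REFERER = "https://www.google.com/search?q=example+blog"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Return None so urllib raises HTTPError on 3xx instead of following it."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url, referer=None):
    """One GET of `url`; returns (status, Location header or None).

    Redirects are deliberately not followed: the Location header is the
    evidence we want to see."""
    headers = {"User-Agent": "Mozilla/5.0 (compatible; referer-probe)"}
    if referer:
        headers["Referer"] = referer
    req = urllib.request.Request(url, headers=headers)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        # With redirects disabled, 3xx responses land here along with 4xx/5xx.
        return err.code, err.headers.get("Location")


def referer_cloaking(url, fetch=http_fetch):
    """Compare a direct visit with a Google-referred visit to `url`.

    `fetch(url, referer=None) -> (status, location)` is injectable so the
    logic can be exercised offline against canned responses.
    Returns a dict with both responses and a `suspicious` verdict: True when
    the Google-referred request is a redirect that the direct request is not."""
    direct_status, direct_location = fetch(url)
    referred_status, referred_location = fetch(url, referer=GOOGLE_REFERER)
    is_redirect = 300 <= referred_status < 400 and referred_location is not None
    suspicious = is_redirect and (
        (direct_status, direct_location) != (referred_status, referred_location)
    )
    return {
        "direct": (direct_status, direct_location),
        "google_referred": (referred_status, referred_location),
        "suspicious": suspicious,
    }


def _canned_fetch(url, referer=None):
    """Constructed stand-in for a compromised blog: redirects only when the
    Referer looks like a Google search."""
    if referer and "google." in referer:
        return 302, "http://other-search-engine.example/?q=example"
    return 200, None


if __name__ == "__main__":
    # Offline demo against the constructed responses; swap in a real URL and
    # drop the fetch= argument to probe a live site.
    result = referer_cloaking("http://blog.example.com/", fetch=_canned_fetch)
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against your own blog with a real URL and the default fetcher; a `suspicious: True` result with a foreign Location header is the behaviour described above, and a clean result from a plain browser visit proves nothing on its own because the redirect never fires without the Referer. Some injections also key on the User-Agent, so if the probe comes back clean it is worth repeating with the User-Agent string of a common browser.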

Update: this blog post also gives an explanation and remedy.

Last Update: Donncha, explaining the whole thing.

Update 2: There is no zero-day exploit.
