This post is way old, but people using WordPress still get hacked constantly, so this post we put together may be of some help if you are having problems with wordpress security!
Just realized that a lot of people were hit with this latest WordPress Blog Attack – Its a MySQL Injection that screws up your permalinks and in turn makes you blog post links not work! So I figured i’d write up this quick post to help some people out!
It appears that yesterday, many wordpress blogs got hit with this nasty hack that appended a
to your permalinks which rendered your blog post links useless unless someone physically removed the infected string of code from the URL
To fix things:
This should fix it. Don’t forget to upgrade your blog to the latest version.
Hope this helps everyone! You can also delete the hidden user from PHPMyAdmin directly from the database, whatever you are comfortable with.
UPDATE: Mashable has written about this issue here.
NEWEST UPDATE: WordPress Responds to Attacks
NEWEST UPDATE: OFFICIAL RESPONSE FROM WORDPRESS
Here are some other good posts on the topic and have other examples that may be more specific to your issue: