We were recently notified of a SQL injection bug in the WordPress code. Matt patched the code and updated the archive on the downloads page last night. All users are encouraged to upgrade to WordPress 18.104.22.168.
The patch is very simple (it just requires one new line of code in the
get_category_by_ID() function), so if you don’t want to upgrade your whole installation, you can follow the instructions in the announcement. As a side note, the same fix applies to version 1.2, but at around line number 125 in the file.