There is an exploit for WordPress available which reveals the admin user and the hashed admin password. WordPress versions lower than 2.0.6 on servers with register_globals=On are vulnerable. (The exploit script suggests that 2.0.6 is also affected, but this couldn’t be reproduced so far.) Everybody is urged to update to 2.0.6 as soon as possible.

Wikipedia provides some background on SQL injection exploits.