According to a post on the Full Disclosure list, all you sysadmins are going to be busy updating the default configuration of a popular WordPress plugin which allows database cache keys to be downloaded on vulnerable installations which could expose password hashes. Read the full post here.