It seems after the brief period of quiet and uncertainty the main cause of the vulnerability attacking WordPress blogs was revealed. The security magazine over at darkreading.com noted that is was the storing of critical information as plain text in the database is what left users exposed.
Earlier i had noted that there was a problem with sites going down, and on a variety of different hosts as a result of some malware, that used SQL injections.
“The attacker basically created a scanner to locate all configuration files containing incorrect permissions” – darkreading.com