Many bloggers are busy or just don’t feel the need to upgrade on a regular basis. However, many upgrades are for or at least include, security features.
When a security breach is found hackers are more than aware of these breaches and know which blogs to attack. Currently there are numerous blogs being attacked. Do yourself a favour and upgrade before you are one of them.
Writes Lorelle on her WordPress-centric blog:
There are two clues that your WordPress site has been attacked:
First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
If you have already been hacked see this thread for fixes.