I just upgraded my old (don’t even know what the old version was) WordPress to the latest 2.5.1 because somebody hacked into my site and added bunch of hyper links in my latest post. And it was very clever that the hyperlinks are not shown in the browser since the position of the div is out of screen. But probably search engines will see the links and increase the pagerank or simliar action could have been done I guess.
Anyway, the migration was very easy except that I had to redefine the tag keywords from the old UTW (Ultimate Tag Warrior 3) to the WordPress.
I guess my blog was attacked by this admin-ajax.php vulnerability. They say that a hacker can run the SQL query through admin-ajax.php.
Here are some of the blogs explaining the vulnerability.