Late yesterday, the accounts of several popular plugins on wordpress.org were compromised, including the AddThis plugin account. Malicious code was inserted into these plugins, opening a backdoor that could allow third-party code to execute on your server. The issue affected version 2.1.3 of the AddThis plugin, and you are affected only if you downloaded that version yesterday or this morning. We patched the plugin this morning, and version 2.2.0 is fully certified.
WordPress has reset all accounts and is updating status in this post.
All users of the AddThis WordPress plugin are STRONGLY encouraged to upgrade to the latest version (2.2.0) as quickly as possible, especially if you updated or installed version 2.1.3 of the AddThis WordPress plugin yesterday (June 20, 2011) or today (June 21, 2011).
To upgrade, please visit the upgrades page inside your WordPress installation. You can also grab the latest version from the WordPress repository.
We will continue to work with the WordPress team on this. If we have more information, we will update this post.
The AddThis Team