I was on WP 2.2 and my blog was hacked. It's very subtle because they don't want you to notice. They slipped in a plugin that deactivates all my plugins. The goal being to deactivate Askimet and my other anti-spam plugins.
Luckily I moderate all comments even though I use anti-spam plugins so they never were posted but I noticed I was getting a lot of spam comments that were getting through before then Askimet always caught them and sent them to spam hell without me even looking at them.
These are obvious spam comments, you know the ones with a 100 links to ***** or rx sites.
I saw the spike of these spam comments in my moderation queue but I still didn't put 2 and 2 together. My site was still up (it's not like they plaster an "owned" sign on my blog). Like I said they don't want you to know.
I finally caught on when I went to use my SLM plugin to add an affiliate link and it was gone. I was very confused about that So I went to my site and paid a close look and noticed some of the sidebar stuff (which is powered by plugins) were gone.
So I went to check and sure enough all my plugins were deactivated. I re-activated them. I changed my password and sent a support ticket to my host.
Support suggested upgrading to 2.5 which he says prevents these type of hacks. During that time the hacker plugin did it's thing again. So I had to re-activeate all of them again.
My host support finally found the hacker plugin. It's not just listed on your plugin menu they hide it. So he deleted and now I'm back to normal.
Side effect is while that plugin was running I couldn't post. Instead of publishing my post it would just save it as a draft. I also had my about page deleted. Now things are back to normal.
I don't know if v 2.5 would help against this or not but you might as well as upgrade to the latest version since they address these type of vulnerabilities.
Keep an eye on your blog and always moderate your comments even if you have anti-spam plugins activated.