Vulnerability in old WordPress
Posted on February 4th, 2009

Some time ago I got an email notification from Google with the following content:
“Dear site owner or webmaster of …,
While we were indexing your webpages, we detected that some of your pages were using techniques that are outside our quality guidelines, which can be found here: http://www.google.com/support/webmasters/bin/answer.py?answer=35769&hl=en. This appears to be because your site has been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.”

I immediately checked the HTML source of my blog and couldn’t find any hidden outgoing links. Then I checked my page in the Google cache by typing site:mysitename.com and found a batch of spam links there.
Ha ha, tricky spammers could inject special code which displays links only to Google; when an ordinary user checks the page with a browser, those links are not shown.
Then I checked some other blogs of my customers and found the same. I promptly removed all files and updated WP on all sites.
I found that almost all sites with old WordPress versions had this.
So I highly recommend that you check your old WP versions for this issue, or better, move to the new version immediately.
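One way to run the check the post recommends, as an added example that is not the author's code: fetch the same page once as a browser and once as a search crawler, and list external link hosts that appear only in the crawler's copy. The function names, the sample pages and the `myblog.example` domain are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

class LinkHosts(HTMLParser):
    """Collect the host name of every absolute <a href> in a page."""
    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            host = urlparse(dict(attrs).get("href") or "").hostname
            if host:
                self.hosts.add(host.lower())

def external_hosts(html, own_domain):
    """Hosts linked from the page that are not the site itself or a subdomain."""
    parser = LinkHosts()
    parser.feed(html)
    own = own_domain.lower()
    return {h for h in parser.hosts if h != own and not h.endswith("." + own)}

def cloaked_hosts(browser_html, crawler_html, own_domain):
    """External hosts present only in the copy served to the crawler."""
    return external_hosts(crawler_html, own_domain) - external_hosts(browser_html, own_domain)

def fetch(url, user_agent, timeout=10):
    """Fetch a page while presenting the given User-Agent header."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")

def check_site(url):
    """Compare the live page as a browser and as a crawler would receive it."""
    own = urlparse(url).hostname
    return cloaked_hosts(fetch(url, BROWSER_UA), fetch(url, CRAWLER_UA), own)

# Constructed sample pages (not taken from the post): same page, two audiences.
BROWSER_VIEW = '<p><a href="/about">About</a> <a href="http://wordpress.org/">WP</a></p>'
CRAWLER_VIEW = BROWSER_VIEW + (
    '<div><a href="http://pills.example/">x</a>'
    '<a href="http://Casino.example/win">y</a></div>')

if __name__ == "__main__":
    print(sorted(cloaked_hosts(BROWSER_VIEW, CRAWLER_VIEW, "myblog.example")))
```

A site that cloaks by the crawler's source IP rather than its User-Agent will pass this check, so the `site:` cache lookup described in the post remains the stronger test.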


