For blog owners who run WordPress as their content management system software, old versions of WordPress are easy targets for hackers to take advantage of vulnerabilities. As to what those security holes are, I have no idea.
When my blogs themselves got hacked, I had to dig in Google to see how to such attacks will not happen again. I found out that there are security plugins for WordPress available to protect you from hacks. Prior to plugins though, the very first thing you should do is update your WordPress to the latest version.
After that, install two plugins that I heavily recommend, WordPress Firewall and WP Security Scan.
WordPress Firewall investigates web requests with simple WordPress-specific heuristics to identify and stop most obvious attacks. There exist a few powerful generic modules that do this; but they are not always installed on web servers and difficult to configure.
WP Security Scan scans your WordPress installation for security vulnerabilities and suggests corrective actions.
These two I think are sufficient in handling security issues that may affect your blog site. You can install other security plugins if you so desire.