Yesterday, Thomas Scholz alerted me to a security weakness in WP-Cumulus. He noticed XSS hacking attempts targeted at wp-cumulus.php that could, in rare cases allow malicious code to be executed. This issue has been fixed in version 1.22, and I strongly recommend you upgrade straight away. It’s better to be safe than sorry, and the attack has already been seen ‘in the wild’.
WP-Cumulus can be downloaded here, but chances are your blog will notify you of the new version and allow you to upgrade automatically.