In one of his latest blog posts, David Kierznowski announced a Feedsmith Feedburner vulnerability:
Feedsmith Feedburner plugin for WordPress is vulnerable to a CSRF attack that can allow an attacker to completely hijack blog feeds. In other words, if an attacker can control the Feedburner plugin, it means 100% of traffic will be hijacked [and] can then be used to track all [hijacked] subscriber traffic and usage.
Proof of concept code is located at blogsecurity.net.
According to Mr. Kierznowski, Google responded quickly:
The guys at Google have been great and have just released a brand new version of FeedSmith Feedburner (v2.3).