A security flaw was identified for BlogEngine.NET version 1.3.0.0 and the team was quick enough to announce and release a patch.
Check the following link for details: Critical Security Patch Available [more]
It is unfortunate that the issue could not have been handled more
discretely. If you are blogger writing about the issue, we'd hope that
you could refrain for spelling out exactly how to attack sites that
haven't been updated yet. (Yes, we do want people to know there is a
problem that needs patched, but we'd prefer if were weren't tempting
casual hackers to try out the hack on a unpatched site by giving them a
step by step guide.)
Again, we are sorry for the inconvenience
and any trouble this may have caused you. If you know of other
BlogEngine.NET users, please pass this information along.
For BE.NET users who have modified the BlogEngine.Core and would like to identify the changes without overwriting their customizations (and can't find details), I would suggest you look for an assembly diff tool to differentiate the patched and unpatched assemblies.