2005-08-09: WordPress Exploit
WordPress < = 1.5.1.3 is vulnerable to a server-side XSS attack. It requires register\_globals
to be turned on. If you can’t disable registration of global variables you might want to enable safe\_mode or disable some of the unsafe functions by adding
disable_functions = exec, system, passthru
to your php.ini.
Found on fh’s blog