WordPress is prone to multiple unspecified security vulnerabilities. Very little information is available on this issue. One of these issues is related to plugins and may allow a remote user to bypass security restrictions. The impact of this will depend on the configuration of WordPress but may permit the execution of arbitrary PHP code. WordPress versions prior to 2.0.4 are vulnerable.
Update to WordPress version 2.0.4 or latest
WordPress Plugin Paid Downloads 'download_key' Parameter SQL Injection (2.01)
WordPress Plugin Yoast SEO Security Bypass (1.4.6)
WordPress Plugin S3 Video Cross-Site Scripting (0.983)
WordPress Plugin Post to Twitter Cross-Site Request Forgery (0.7)
WordPress Plugin WP Product Review Lite Unspecified Vulnerability (3.7.6)