WordPress is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. WordPress version 2.0.5 is vulnerable; other versions may also be affected.
Update to WordPress version 2.1 or latest
WordPress Plugin DJ EmailPublish Cross-Site Scripting (1.7.2)
WordPress Plugin FireStats 'firestats-wordpress.php' Remote File Include (1.6.1)
PHP 4.3.0 file disclosure and possible code execution
WordPress Plugin 3DPrint Lite Cross-Site Scripting (188.8.131.52)
WordPress Plugin PG Flash Gallery Cross-Site Scripting (4.1.1)