FYI...WordPress v2.8.5 released
October 20, 2009 - "The latest stable release of WordPress (Version 2.8.5) is available..."
"... changes in this release are:
• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.
We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection. If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner*..."
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x
Solution: Update to version 2.8.5...