The version of WordPress installed on the remote host may include a backdoor that allows an unauthenticated remote attacker to execute arbitrary code on the remote host, subject to the permissions of the web server user ID.
Binary data 3933.prm
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1277
ifsec.blogspot.com/2007/03/wordpress-code-compromised-to-enable.html
wordpress.org/development/2007/03/upgrade-212
www.securityfocus.com/archive/1/461794/30/0/threaded