WordPress version prior to 1.5.1.3 is remotely exploitable if the web server on which it runs has register_globals enabled in the PHP configuration. Perl code exists to automatically exploit vulnerable WP 1.5.1.3 sites, allowing the attacker to try to execute code.
Update WordPress.