Description
WordPress is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. WordPress version 2.0.5 is vulnerable; other versions may also be affected.
Remediation
Update to WordPress version 2.1 or the latest version.