SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.
http://www.vupen.com/english/advisories/2005/2594
http://www.securityfocus.com/bid/15582
http://secunia.com/advisories/17733
http://pridels0.blogspot.com/2005/11/phpwordpress-30-sql-inj.html
http://forum.word-press.net/index.php?&showtopic=76&st=0&#entry181