今天在SECUNIA的邮件列表里看到了这个邮件 “phpWordPress SQL Injection Vulnerabilities”，事关自己使用和支持的wordpress，顿时心惊肉跳 (secunia的邮件隔几天就让我肉跳一次!)打开看来

r0t has reported some vulnerabilities in phpWordPress, which can beexploited by malicious people to conduct SQL injection attacks.
Input passed to the “poll”, “category”, and “ctg” parameters in“index.php” isn’t properly sanitised before being used in a SQLquery. This can be exploited to manipulate SQL queries by injectingarbitrary SQL code.
好生奇怪，wordpress哪里来的”poll”, “ctg”这类参数?再往下看
The vulnerability [...]