Comment 6 for bug 111620

These, and about 10 other security vulnerabilities are fixed in the current debian stable package (2.0.10-1,see changelog [1]). I'd suggest a SRU. (working on, or at least trying it)

[1] http://packages.debian.org/changelogs/pool/main/w/wordpress/wordpress_2.0.10-1/changelog