There are two vanilla XSS on 'wp-register.php'. Only versions <=2.0.1 appear to be affected. More info can be found on GNUCITIZEN's BlogSecurity: http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/ Regards, -- pagvac gnucitizen.org, ikwt.com