More and more people understand and know the typical security mistakes made when programming dynamic web pages; there are even efforts and projects to catalog the types of errors, a kind of checklist of what to look for.
However, this is an unrealistic approach to the problem. Computer security is not about applying certain standards to try to find mistakes, nor about what you must and must not do. It is about turning everything upside down and asking whether what you see is really as it appears, or whether it can be viewed from another perspective. Often computer security comes down to whether the code does only what it says it does, or whether it can be made to do something else.
Although this entry is about a security hole that I found in WordPress, which affects all versions including the latest, I wanted to begin by explaining all this in order to explain why there is still no patch for the bug, and why WordPress does not seem to take these problems seriously.
More info and Exploit
See also http://codes.zerial.org/php/wp-trackbacks_dos.phps