id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
4627,Link manager exploit?,cbdilger,pishmishy,"I think someone has found a way to add links using /wp-admin/link-add.php without authentication -- today I found a new link (spam, of course, of the casino variety) and three accesses to the above address from one IP address. 

I deleted the link, but I would not be surprised to see it return...

Let me know if I can provide more information; I have shell access to the machine in question (hosted on Dreamhost). I'm running WP 2.2. Thanks.",defect (bug),closed,high,,Security,2.2,normal,wontfix,,