The latest version of Wordpress is exploitable by what seems to be an 0day exploit. There is no patch on Here's the actual exploit:
pastebin - collaborative debugging tool

It looks like it's an issue in wp-trackback.php

Temporarily disabling trackbacks should be a work around for now. Nothing has been testing though....