"Just as little warning to all those now installing 1.5.2 WordPress 1.5.2 does not fix the remote code execution vulnerability. It just renders the published exploit useless. After inserting 10 magic characters into the exploit it will still work against 1.5.2 " http://wordpress.org/support/topic/41866?page=1#post-236420