Vulnerabilities in PHP modules endanger (once again) numerous web applications - and once again it's XML-RPC. They are still using eval - and that's for evaluating tags. Seriously? Sorry, folks, but this is just ridiculous - eval has already blown up in your face, why weren't all those calls removed back then? Or at least properly secured?
And people wonder why I don't have much faith in PHP software ...