WordPress 2.0.7 security patch for functions.php
Recently, a security vulnerability was reported in the design of the Pingback specification. Basically, the specification fails to include a service or URL authentication model: nothing in the protocol lets the receiving blog verify the pingback service or the URL it claims to come from, which makes it susceptible to abuse.
This issue affects several software packages that implement pingbacks, including WordPress 2.0.7, yet there has been little information posted about this on WordPress.org. WordPress 2.1 is not vulnerable, but the new and improved blogging app requires MySQL 4, which is not always available from web hosts.
How to patch WordPress 2.0.7
Your first option is to apply the patch file provided by Blake Matheny, the researcher who reported the vulnerability. You can find that patch file on the SecurityFocus advisory.
To apply the patch, first make a copy of wp-includes/functions.php. Next, upload the patch file to /wp-includes/, then type on the command line:
patch < 4tphi-sa-20070111-wordpress.diff
If you're not comfortable working on the command line, you can download this patched version of the functions.php file, save it with the .php extension, and replace your existing copy with it.
Please note: This patch is for WordPress 2.0.7 ONLY! Use at your own risk.
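As an added example (not from the original post and not part of the SecurityFocus patch), here is a small POSIX shell function that performs the command-line steps above with a backup, a dry run, and an automatic restore, so a patch that does not apply cleanly to your copy of functions.php never leaves it half-modified. It assumes GNU patch (for --dry-run and -f) and takes the diff file name from the post; the function name and the .orig-2.0.7 backup suffix are my own.

```sh
#!/bin/sh
# Added example: apply the 2.0.7 functions.php patch safely.
# Usage: apply_functions_patch /path/to/wp-includes 4tphi-sa-20070111-wordpress.diff
# Assumes GNU patch is installed and the diff has been uploaded to wp-includes/.
apply_functions_patch() {
    wp_includes="$1"      # wp-includes directory of the WordPress 2.0.7 install
    patch_file="$2"       # diff file name, e.g. 4tphi-sa-20070111-wordpress.diff
    target="$wp_includes/functions.php"
    backup="$target.orig-2.0.7"   # backup suffix chosen for this example

    [ -f "$target" ] || { echo "missing $target" >&2; return 1; }
    # Step 1 from the post: keep a copy of the original file.
    cp "$target" "$backup" || return 1

    # Dry run first: exits non-zero, without touching the file, if any hunk
    # would fail (e.g. the file is not an unmodified 2.0.7 functions.php).
    # Like the post's `patch < file`, no -p level is given, so only the
    # basename of the path in the diff header is used. -f suppresses prompts.
    if ! (cd "$wp_includes" && patch -s -f --dry-run < "$patch_file"); then
        echo "patch would not apply cleanly; $target left untouched" >&2
        return 2
    fi
    # Real run; if it fails anyway, put the backup copy back.
    if ! (cd "$wp_includes" && patch -s -f < "$patch_file"); then
        cp "$backup" "$target"
        echo "patch failed; original restored from $backup" >&2
        return 3
    fi
    return 0
}
```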
Thanks to Otto42 for the encouragement!