beNi has discovered several interesting vulnerabilities for WordPress and has coded a friendly AJAX XSS worm that works behind your back and fixes them. I am sure that David (dk) will go in more details on the matter as soon as he stops playing with Technika and the TSF framework.

beNi, although the idea is interesting, you should not install or run any type of code on sites that you are not specifically authorized to. :) this is for real. You can get into a lot of problems for something like this no matter how noble your intentions are. Post the code and write a white paper how you did it. This is far more safer.