There is a security vulnerability in PHP’s XML RPC. Until a new release includes the fix, there is a simple way you can update your PHP installation. Assuming you are using my PHP package, type this in the Terminal (note, it downloads and installs a patch from php.net):
sudo /usr/local/php4/bin/pear upgrade XML_RPC
You can update Apple’s PHP by leaving off the path to pear.
You should do this update even on a fresh download of my PHP package until a permanent solution is included.