WordPress Worm that fixes WordPress
Thursday, August 2, 2007
I’m not entirely sure I’d call it a worm since it doesn’t really spread automatically and on its own, but anyway. I saw this on gHacks and thought it was cool.
Basically this guy discovered seven vulnerabilities in the latest version of WordPress and decided to write a worm that will go into your site and patch the problems. All you have to do is log in as an admin, post a comment containing a link to http://mybeni.rootzilla.de/mybeNi/ and click on it from the Moderate Comments admin panel. This will take you to his site, where you then have to click “Secure my blog” to continue. It’ll go back to your admin panel and guide you through the process of patching 3 files to stop this kind of XSS (cross-site scripting) vulnerability.
Of course you’ll have to trust that this won’t do any harm to your WordPress installation.
If you don’t want to do it this way and can wait, this is all fixed in the next update, which you can get from the SVN repo right now.

Thanks for the post,
Comment by samuells — November 11, 2008 @ 4:15 am
Excellent essay and site. I put a link to your compassion essay on my website. Good work.
Comment by cihanyan — November 11, 2008 @ 7:42 pm