Another information (path?) disclosure vulnerability reported against wordpress: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4743 It is not clear to me whether this is an actual security issue in the FE (4, 5, devel) package, but it should be investigated.
This is a bogus CVE reported against nonexistent 2.0.5 version of wordpress. (Probably a 2.0.1 version actually.) 2.0.4 is not vulnerable.
Agreed - this looks like it's a repeat of an earlier vulnerability. Closing this NOTABUG.