Recently, there has been a number of cases involving mxlrpc.php. It appears that these xmlrpc ‘exploits’ are caused by outdated versions of WordPress. Consider reading this RSI Diary post. Although it dates back to 2005, my friend Polonus is finding occurrences of this exploit in 2013.

Read more on the avast! forums,
~!Donovan