I'd like answers to all of the above if anyone has any ideas.
//me looks for question marks.
If I can successfully rule out plugins and themes, I would like to scan and scrub my databases for injected code. What should I be looking for? In which tables?
anything that doesnt belong there. in all of them. taking shortcuts doesnt help.
Is there a list somewhere of plugins that are problematic?
depeends on how you define problematic. problematic isnt necessarily insecure, and something being insecure, doesnt mean its on a list anywhere.
if youre asking if there's a place to look for publically known insecure plugins -- sure, go do a search on milw0rm.com for wordpress
Im sure that's not all-inclusive, but it's a start.
ANYONE can write a wordpress plugin, even my dog can, and thats a double edged sword. ANYONE can, and nearly everyone has. That doesnt necessarily mean that the plugins are written well, or that the writer knows how to properly sanitize user input, variables, etc..
Is there a list somewhere of themes that are problematic?
No, and the same 'user issues' that exist with plugins exist with themes.
One thing that Ive seen is that some theme authors are still using php_self in the search code. Thats a no-no, generally speaking. Way way back when, the 2 themes that were included were revamped to no longer use that, and I dont know if there was an internal check put into the core to account for themes that continue to use that.
this is 'problematic':
<form id="searchform" method="get" action="<?php echo $_SERVER['PHP_SELF']; ?>">
this is not:
<form id="searchform" method="get" action="<?php bloginfo('home'); ?>">
Are there any tools available that can scan a backup of a MySQL table exported from phpMyAdmin and clean out a SQL Injection?
A good set of eyes is your best and safest bet. It takes longer, but in the end, trusting software is not the solution.
Are there any tools that can detect any other problems
in regards to a WordPress installation that has been compromised?
what 'other problems' ?? I cant answer that, since i dont know what youre asking.
Is there a problem with a problem with WordPress ?
hows that gaz?