I'm not sure how the subversion versions are numbered, but I did notice the version number discrepency. I'm also not sure if the path disclosure issue was also related to the other half-a-bazillion scripts listed in the posting, which I didn't cut and paste.
Path disclosure issues are generally precursors to other types of attack, since once you know where something lives, you can either find where something exploitable lives or use that as a basis for getting something on the box and then calling it from elsewhere. If nothing else is exploitable, then they're really not that big a deal.
It's not the most informative Bugtraq posting ever, but two things worried me- the first is any time I see the term "SQL injection" followed by a URL with "Create Table" in it- that tends to set off alarm bells.
The second thing is that there's no obvious security link on the WP site. This means that (a) I'm not sure if the Bugtraq poster was just a jerk, or if they couldn't figure out who to contact before doing the posting, or (b) if they did contact someone but there's no way for an interested party to figure that out.