Wordpress 2.3.1 converts the 'p' parameter to an integer. query.php line 449: $qv['p'] = (int) $qv['p']; So there is no exploit possibility.