diff --git a/data/wp_vulns.xml b/data/wp_vulns.xml
index f5a67ec0..e52b916d 100644
--- a/data/wp_vulns.xml
+++ b/data/wp_vulns.xml
@@ -1038,6 +1038,12 @@
   </wordpress>
 
   <wordpress version="2.1.2">
+     <vulnerability>
+      <title>WordPress "year" Cross-Site Scripting Vulnerability</title>
+      <reference>http://secunia.com/advisories/24485/</reference>
+      <reference>http://www.securityfocus.com/archive/1/archive/1/462374/100/0/threaded</reference>
+      <type>XSS</type>
+    </vulnerability>
     <vulnerability>
       <title>Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit</title>
       <reference>http://www.exploit-db.com/exploits/3656/</reference>
diff --git a/lib/wpscan/wp_target.rb b/lib/wpscan/wp_target.rb
index eb5b3dec..d37f226d 100644
--- a/lib/wpscan/wp_target.rb
+++ b/lib/wpscan/wp_target.rb
@@ -61,7 +61,7 @@ class WpTarget
 
   # Valid HTTP return codes
   def self.valid_response_codes
-    [200, 301, 302, 401, 403, 500]
+    [200, 301, 302, 401, 403, 500, 400]
   end
 
   # return WpTheme