Writes Lorelle on her WordPress-centric blog:
There are two clues that your WordPress site has been attacked:
First, there are strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”
TechCrunch is not great about reporting security vulns, certainly not to the level of detail you'd want if you hack in the scene. What *is* interesting is using the Http Referer (sic) header to carry the actual payload.
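
As an added example (not from Lorelle's post or from this blog), here is a Python check for the indicator quoted above: it percent-decodes request paths from an access log and flags those containing both keywords, noting whether the path reads the Referer and whether the Referer value is a URL at all. The Combined Log Format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Keywords the quoted post names as the giveaway in a tampered permalink.
KEYWORDS = ("eval", "base64_decode")

# Assumed input: Combined Log Format (request line, status, size, referer).
LOG_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded paths are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_access_log(lines):
    """Return one finding per request whose path carries both keywords."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = LOG_RE.search(line)
        if not match:
            continue
        path = fully_unquote(match["path"]).lower()
        if not all(keyword in path for keyword in KEYWORDS):
            continue
        referer = match["referer"]
        findings.append({
            "line": number,
            # The permalink in the post pulls its input from this header.
            "reads_referer": "http_referer" in path,
            # A Referer that is not a URL deserves a closer look.
            "referer_is_url": referer.startswith(("http://", "https://")),
        })
    return findings

# Constructed sample lines; the second uses the permalink quoted in the post
# and a harmless placeholder Referer value.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /category/post-title/ HTTP/1.1" 200 5120 "https://example.com/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ HTTP/1.1" 200 5120 "Y29uc3RydWN0ZWQ=" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```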