/var/www/wordpress/wp-settings.php search for
set_magic_quotes_runtime and make sure that it's called like this:
set_magic_quotes_runtime( 0 );
2) inside the same file, search and comment out this line:
// Add magic quotes and set up $_REQUEST ( $_GET + $_POST ) // wp_magic_quotes(); //<-- this has to be commented
3) disable the PHP's magic_quotes_gpc like described herep.s. don't do these changes on production WordPress site(s) as it will just open up the door(s) for the new potential attacks
p.p.s. why disclosing vulnerabilities which have a note "magic quotes has to be turned off" is as important as others? Along with the fact that lots of web admins willingly decide to turn it off, magic_quotes mechanism is considered as deprecated from PHP 5.3.0.. That means that solely relying on that automatic security mechanism (especially inside WordPress) from preventing SQL injection vulnerabilities (especially in future) should be considered as a big no no.