the theme with the vulnerability, is my theme, and it’s not available anymore for download on ww.wp.xz.cn, it was removed 15 months ago indeed.
How can we help you if we don’t know your website URL?
Sure it can be done. Run this before the loop:
<?php query_posts(array('category__not_in' => array(29,30,31), 'paged' => (get_query_var('paged')) ? get_query_var('paged') : 1)); ?>
