Here's a patch (mangled by cut&paste) which hacks around the problem.
Stick it in patches/patch-ftpcmd.y-MIT-IS for best results.  This hack
was put together by MIT Information Systems as a stopgap until the
wu-ftpd developers come up with an official fix.

*** src/ftpcmd.y.old    Fri Jun 23 00:44:11 2000
- --- src/ftpcmd.y        Fri Jun 23 00:48:36 2000
***************
*** 1460,1469 ****
- --- 1460,1474 ----
            if (wu_getline(cbuf, sizeof(cbuf) - 1, stdin) == NULL) {
                (void) alarm(0);
                reply(221, "You could at least say goodbye.");
                dologout(0);
            }
+           else if (strchr(cbuf, '%')) {
+               (void) alarm(0);
+               reply(421, "The command line contained a %% character.");
+               dologout(0);
+           }
  #ifndef IGNORE_NOOP
            (void) alarm(0);
  #endif
            if ((cp = strchr(cbuf, '\r'))) {
                *cp++ = '\n';