WordPress Multiple Security Vulnerabilities

WordPress is prone to multiple security vulnerabilities including:

1. A remote code-execution vulnerability
2. An unspecified cross-site scripting vulnerability
3. A denial-of-service vulnerability
4. An information-disclosure vulnerability
5. A cross-site request-forgery vulnerability

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to disclose sensitive information, to execute arbitrary code, to perform unauthorized actions in the context of a user's session, or to cause denial-of-service conditions. Other attacks are also possible.

Versions prior to WordPress 3.9.2 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus