WordPress contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

WordPress contains an unspecified flaw that may allow an attacker to upload arbitrary files with invalid or unsafe names. No further details have been provided by the vendor.

WordPress contains a flaw that allows a limited cross-site scripting (XSS) attack. This flaw exists because the program does not validate input before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.