nessus | Tenable | 6883.PRM
May 25, 2013 - 12:00 a.m.

WordPress < 3.5.2 Multiple Vulnerabilities

2013-05-25 00:00:00
Tenable
www.tenable.com
15

CVSS2: 4.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.02 Low (Percentile: 88.8%)

Versions of WordPress earlier than 3.5.2 are potentially affected by the following vulnerabilities:

  • The application is affected by a denial of service vulnerability affecting sites using password-protected posts. (CVE-2013-2173)
  • The application is affected by a server-side request forgery vulnerability. This vulnerability can be used to gain access to a site. (CVE-2013-2199)
  • A privilege escalation vulnerability exists that allows contributors to publish posts and users to reassign authorship. (CVE-2013-2200)
  • A cross-site scripting vulnerability exists related to uploading media. (CVE-2013-2201)
  • An XML External Entity Injection (XXE) vulnerability exists in 'oEmbed'. (CVE-2013-2202)
  • A vulnerability exists disclosing a full file path related to file upload. (CVE-2013-2203)
  • A cross-site scripting vulnerability exists related to the 'TinyMCE' library. (CVE-2013-2204)
  • The application is affected by a cross-site scripting vulnerability in the 'SWFUpload' library. (CVE-2013-2205)
  • Cross-site scripting vulnerabilities exist in the 'post.php' script relating to the 'excerpt' and 'content' parameters.
Vendor | Product | Version | CPE
wordpress | wordpress | | cpe:/a:wordpress:wordpress
