Versions of WordPress prior to 3.4.1 are susceptible to the following vulnerabilities :
- A flaw exists that allows a remote cross-site scripting (XSS) attack as the application fails to properly restrict access to unfiltered HTML. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server. (CVE-2012-3383)
- A flaw exists that is triggered when the program fails to properly perform a user capability check during the parsing of an XMLRPC request. This may allow an attacker to edit an arbitrary post. (CVE-2012-3384)
- A flaw that may allow an attacker to gain access to potentially sensitive information. No further details have been provided. (CVE-2012-3385)