Crtc4L discovered a cross-site scripting vulnerability in wordpress, a
web blogging tool, allowing a remote authenticated administrator to
compromise the site.
For the oldstable distribution (wheezy), this problem has been fixed
in version 3.6.1+dfsg-1~deb7u9.
For the stable distribution (jessie), this problem has been fixed in
version 4.1+dfsg-1+deb8u7.
For the unstable distribution (sid), this problem has been fixed in
version 4.4.1+dfsg-1.
We recommend that you upgrade your wordpress packages.