WordPress version 3.3.1 is prone to a multiple cross site request forgery vulnerabilities. These vulnerabilities are caused by a security flaw in anti-CSRF token (_wpnonce, _wpnonce_create-user, _ajax_nonce, _wpnonce-custom-background-upload, _wpnonce-custom-header-upload) generation. Multiple CSRF allow an attacker to change Site Address, when an authenticated user/admin browses a special crafted web page, change post title, add administrators/users, delete administrators/users, change site title, change administratorโs email, change Wordpress Address, also, approve and unapprove comment, delete comment, change background image, insert custom header image.
Update WordPress.