Description

WordPress is prone to multiple vulnerabilities, including arbitrary file upload, information disclosure, clickjacking and possibly SQL injection. Exploiting these issues may allow an attacker to upload arbitrary code and run it in the context of the webserver process, which may facilitate unauthorized access or privilege escalation, to obtain sensitive information that may help in launching further attacks or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.1.3 are vulnerable.

Remediation

Update to WordPress version 3.1.3 or latest

References

Related Vulnerabilities