Multiple security issues have been discovered in WordPress, a weblog
manager, that could allow remote attackers to upload files with invalid
or unsafe names, mount social engineering attacks or compromise a site
via cross-site scripting, and inject SQL commands.