Description
WordPress is prone to multiple vulnerabilities, including arbitrary file upload, information disclosure, clickjacking and possibly SQL injection. Exploiting these issues may allow an attacker to:

- upload arbitrary code and run it in the context of the webserver process, which may facilitate unauthorized access or privilege escalation;
- obtain sensitive information that may help in launching further attacks;
- compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WordPress versions prior to 3.1.3 are vulnerable.
Remediation
Update to WordPress version 3.1.3 or the latest version.