Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.
For the stable distribution (jessie), these problems have been fixed in
ORIGINAL SOURCE: Seclist
from [SECURITY] [DSA 3870-1] wordpress security update