Several vulnerabilities were discovered in wordpress, a web blogging tool. They would allow remote attackers to force password resets, and perform various cross-site scripting and cross-site request forgery attacks.
For the stable distribution (jessie), these problems have been fixed in
version 4.1+dfsg-1+deb8u13.
View full story
ORIGINAL SOURCE: Seclist