An update to the popular WordPress blogging platform fixes a known security hole that could have enabled a malicious contributor to gain wider control over the blog to which he or she contributed. The privilege escalation hole was described as of moderate severity. The latest update includes a fix for a trackback white listing feature that allowed comment spammers to bypass features that limited trackbacks or pingbacks from previously unknown individuals, as well as a cross site scripting issue described as minor
Source: https://threatpost.com/wordpress-update-fixes-malicious-author-vulnerability-120110/74725/

