nessus | Tenable | 9100.PRM
Feb 26, 2016 - 12:00 a.m.

WordPress < 3.3.3 Multiple Vulnerabilities

2016-02-26 00:00:00
Tenable
www.tenable.com

CVSS2: 6.4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.002 Low
Percentile: 57.4%

Versions of WordPress prior to 3.3.3 are susceptible to the following vulnerabilities:

  • A flaw exists that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the ‘slug’ parameter upon submission to the ‘edit-tags.php’ script. This may allow a user to create a specially crafted request using character encoding that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server. (CVE-2012-6633)
  • A flaw exists as input passed via the ‘post_id’ parameter is not properly sanitized before being used in the ‘wp-admin/media-upload.php’ script. This may allow a remote attacker to gain access to potentially sensitive information or bypass media-attachment restrictions. (CVE-2012-6634)
  • A flaw exists in the ‘wp-admin/includes/class-wp-posts-list-table.php’ script that is due to the program failing to restrict access to ‘excerpt-view’. This may allow a remote authenticated attacker to gain access to potentially sensitive information when viewing a draft. (CVE-2012-6635)

Vendor | Product | Version | CPE
wordpress | wordpress | | cpe:/a:wordpress:wordpress
