nessus Tenable 9108.PRM
History: Feb 26, 2016 - 12:00 a.m.

WordPress < 3.1.3 Multiple Vulnerabilities

2016-02-26 00:00:00
Tenable
www.tenable.com

CVSS2: 10 High

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.006 Low
Percentile: 77.9%

Versions of WordPress prior to 3.1.3 are susceptible to the following vulnerabilities:

  • An unspecified flaw exists related to media security. (CVE-2011-3122)
  • An unspecified flaw exists related to security hardening. (CVE-2011-3125)
  • A flaw exists that allows remote attackers to determine usernames of non-authors via canonical redirects. (CVE-2011-3126)
  • A flaw exists in which admin and login pages are not prevented from rendering inside a frame in a third-party HTML document. A remote attacker may exploit this to conduct clickjacking attacks via a crafted web site. (CVE-2011-3127)
  • A flaw exists that treats unattached attachments as published, which might allow remote attackers to obtain sensitive data via vectors related to ‘wp-includes/post.php’. (CVE-2011-3128)
  • An unspecified flaw exists related to file upload functionality. (CVE-2011-3129)
  • An unspecified flaw exists in ‘wp-includes/taxonomy.php’ related to taxonomy query hardening which may allow an attacker to conduct an SQL injection attack. (CVE-2011-3130)

Vendor | Product | Version | CPE
wordpress | wordpress | | cpe:/a:wordpress:wordpress
