WordPress 3.1.x < 3.1.2 / 3.0.x < 3.0.6 Multiple Vulnerabilities

Versions of WordPress 3.1.x prior to 3.1.2, or 3.0.x prior to 3.0.6 are susceptible to the following vulnerabilities :

• A flaw exists related to the 'wp-admin/press-this.php 'script improperly checking user permissions when publishing posts. This may allow a user with ‘Contributor-level’ privileges to post as if they had ‘publish_posts’ permission. (CVE-2011-1762, CVE-2011-5270)
• A flaw exists that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server. (CVE-2011-4956)