Versions of WordPress prior to 3.1.1 are susceptible to the following vulnerabilities:
- A flaw exists that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user’s browser within the trust relationship between their browser and the server. (CVE-2011-4956)
- A flaw exists that may allow a remote denial of service. The issue is triggered when the ‘make_clickable()’ function in the ‘wp-includes/formatting.php’ script fails to properly verify URL length in comments before passing it to the PCRE library, resulting in a loss of availability. (CVE-2011-4957)
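The missing length verification described for `make_clickable()`, shown as an added PHP example (not WordPress core code and not the 3.1.1 patch itself): each whitespace-delimited token is length-checked before any URL regex runs on it. `safe_linkify()`, `MAX_URL_TOKEN_BYTES` and the 2048-byte cap are assumptions made for illustration.

```php
<?php
// Added illustration, not WordPress core code.
// safe_linkify() and MAX_URL_TOKEN_BYTES are hypothetical names; the cap is an assumed value.
const MAX_URL_TOKEN_BYTES = 2048;

function safe_linkify(string $comment): string
{
    // Split on whitespace, keeping the separators so the text round-trips unchanged.
    $pieces = preg_split('/(\s+)/', $comment, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($pieces === false) {
        // PCRE failed on the split itself: return escaped text without links.
        return htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
    }

    $out = '';
    foreach ($pieces as $piece) {
        $escaped = htmlspecialchars($piece, ENT_QUOTES, 'UTF-8');

        // Verify length BEFORE the URL pattern sees the token; oversized
        // tokens are emitted as plain escaped text and never reach PCRE.
        if (strlen($piece) > MAX_URL_TOKEN_BYTES) {
            $out .= $escaped;
            continue;
        }

        // Runs on the already-escaped token, so quotes and angle brackets
        // cannot break out of the href attribute.
        $linked = preg_replace(
            '~^https?://\S+$~i',
            '<a href="$0" rel="nofollow">$0</a>',
            $escaped
        );

        // preg_replace() returns null on a PCRE error (for example a
        // backtrack or recursion limit); fall back to plain text.
        $out .= ($linked === null) ? $escaped : $linked;
    }
    return $out;
}

// Constructed sample input: one ordinary URL and one oversized URL-like token.
$sample = 'see http://example.com/a?b=1&c=2 and http://' . str_repeat('a', 100000);
echo substr(safe_linkify($sample), 0, 160), "\n";
```

The ordinary URL is wrapped in an anchor, while the 100,000-character token is passed through as escaped text without being matched against the URL pattern.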