Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting or Cross-Site Request Forgery attacks, escalate privileges, run arbitrary code, and delete arbitrary files.