WordPress 3.1.2 Multiple Vulnerabilities - CVE-2011-3126

WordPress is prone to multiple vulnerabilities including arbitrary file upload information disclosure clickjacking and possibly SQL injection. Exploiting these issues may allow an attacker to upload arbitrary code and run it in the context of the webserver process which may facilitate unauthorized access or privilege escalation to obtain sensitive information that may help in launching further attacks or to compromise the application access or modify data or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.1.3 are vulnerable.