Several vulnerabilities were discovered in Wordpress, a web blogging
tool. They allowed remote attackers to run insecure deserialization,
embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site
Request Forgery (CSRF) attacks, escalate privileges, run arbitrary
code, and delete arbitrary files.
For the stable distribution (buster), these problems have been fixed in
We recommend that you upgrade your wordpress packages.