Vulnerabilities: URL Redirector Abuse and Cross-Site Scripting (XSS) in WordPress Affected Versions: WordPress 3.6 and previous versions for most vulnerabilities; some specific to 3.0 - 3.6 Examples Of Vulnerable Paths: - Redirector ( ): - - - - - XSS: - Disclosure Date: 2013-11-30 (on personal website), mailing list announcement 2013-12-19 Additional Notes: Previous discoveries of similar vulnerabilities by the author date back to 2007, with some issues lingering until the latest disclosed patch in 3.6