Here is another one, snore. WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Reproducible: Didn't try http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html
There is another open security bug for WordPress, they will be handled simultaneously. *** This bug has been marked as a duplicate of bug 163817 ***