The wordpress development team reports:
	  
	    - Block unsafe PHP unserialization that could occur in limited
	      situations and setups, which can lead to remote code
	      execution.
- Prevent a user with an Author role, using a specially crafted
	      request, from being able to create a post "written by" another
	      user.
- Fix insufficient input validation that could result in
	      redirecting or leading a user to another website.
Additionally, we've adjusted security restrictions around file
	  uploads to mitigate the potential for cross-site scripting.