WordPress prior to 4.5.3 allows remote malicious users to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors.
Several vulnerabilities were discovered in wordpress, a web blogging
tool, which could allow remote attackers to compromise a site via
cross-site scripting, bypass restrictions, obtain sensitive
revision-history information, or mount a denial of service
For the stable distribution (jessie), these problems have been fixed in
version 41+dfsg-1+deb8 ...