A logic flaw in the way WordPress created blog posts allowed attackers to access features only administrators were supposed to have. This lead to a Stored XSS and Object Injection in the WordPress core and more severe vulnerabilities in WordPress’s most popular plugins Contact Form 7 and Jetpack.