WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site (CVE-2015-5622).
WordPress versions 4.2.2 and earlier are affected by an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft (CVE-2015-5623).