Related to my previous post, I emailed WordPress lead developers about the vulnerability, and got this response from Andrew Nacin:
“We’re aware of the report and have been investigating. If you are running the latest version of WordPress (4.0), you have nothing to worry about.”
EDIT 2014-11-21: WordPress 4.0.1 is out, with several security fixes unrelated to the major vulnerability discovered by klikki.fi. There are also security releases in the 3.x series.