wordpress issues got CVEified

Upstream is very intransparent here on the fixes, so Craig did request
CVEs baseed on descriptions. Only for three of those there was
posibility to relate to correct commits/changesets. The others are quite
unclear at this point.

Cf. https://bugs.debian.org/939543