The SOME (Same-Origin Method Execution) vulnerability comes through the Plupload library. Plupload is a third-party CMS that is used by WordPress to upload files and images to it’s server. SOME is “a web application attack which abuses callback endpoints by forcing a victim into executing arbitrary scripting methods.”
The more urgent security issue is the XSS (Cross-Site Scripting) vulnerability located in the MediaElement.js library. This library is used to show an audio and video player when the user embeds audio or video files. To exploit this vulnerability, attackers can craft malicious URLs which are passed through WordPress to the MediaElement.js library.