WordPress released critical security update with version 3.0.2

I think you have already seen this notice in your WordPress dashboard. WordPress released the new version because of a vulnerability involving Author-level rights. It allows a remote attacker with Author-level rights to gain access to your blog.

The updated version also includes many small security enhancements. This is a mandatory update for all WordPress versions.

Summary of bugs fixed

  • Fix moderate security issue where a malicious Author-level user could gain further access to the site. (r16625)

Other security fixes:

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. (#13887)
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging. (#13471)
  • Fix occasional irrelevant error messages on plugin activation. (#15062)
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. (r16367, r16373)
  • Clarify the license in the readme (r15534)
  • Multisite: Fix the delete_user meta capability (r15562)
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins (#15122)
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string (#14450)
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs (#14536)

Not updating your WordPress installation means you are asking for trouble! Act now and update your WordPress to the latest version automatically from your dashboard. I recommend updating immediately even if you don’t have untrusted users.
