Important Security Update Available for WordPress


Recommended Posts

Important Security Update Available for WordPress

Version 3.0.2 of popular blogging platform WordPress was released as a mandatory security update, which contains fixes for several flaws, including one that carries a moderate risk.

A complete list of changes reads:

- Fix moderate security issue where a malicious Author-level user could gain further access to the site.

- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.

- Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.

- Fix canonical redirection for permalinks containing category with nested categories and paging.

- Fix occasional irrelevant error messages on plugin activation.

- Clarify the license in the readme

- Multisite: Fix the delete_user meta capability

- Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins

- Multisite: Fix ms-files.php content type headers when requesting a URL with a query string

- Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs

Users are advised to upgrade to the new version immediately by going to the Dashboard Updates menu, especially since the process is now a lot easier and straight-forward than it used to be.

Details - http://news.softpedi...ss-169820.shtml

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...