dcsimg
RealTime IT News

Open source Wordpress users advised to upgrade to 3.0.4

wordpresslogo.jpg
From the 'U.S. CERT' files:

U.S. CERT is out with a note this morning advising users of the open source Wordpress cms to update to the new 3.0.4 release.

This new release follows the recent 3.0.3 update in early December -- itself a quick update to the 3.0.2 update of late November.

"WordPress.org has released
WordPress 3.0.4 to address a vulnerability in the HTML sanitation
library," U.S. CERT states." Exploitation of this vulnerability may allow an attacker to
insert arbitrary HTML and script code into the browser session.
"

Yeah, that's pretty darn serious -- so if you're running Wordpress, update immediately (and check to make sure you haven't already been exploited).

Wordpress developers do a fantastic job of responding and updating the application to threats, which is likely why the last three incremental point updates to Wordpress have all come so quickly.

Instead of *waiting* to bundle all known vulnerabilities into a *big* update, Wordpress developers have taken the initiative to update rapidly to protect their users.

Comment and Contribute