Wordpress 3.0.5 updates for 5 security issues
The open source Wordpress blogging platform is out with version 3.0.5, a new update fixing at least five security issues.
Two of the issues are Cross Site Scripting (XSS) flaws which I personally consider to be serious. Wordpress considers the issues to be *moderate*. In general for me, an XSS flaw that can be triggered by non-admins is a serious issue.
There is also a fix for an information disclosure issue that, Wordpress warns, could have enabled a non-admin author to view posts that they aren't authorized to see.
The release also includes two security improvements. One is a new feature that forces HTML filtering on comment text in the admin. The other is a hardened check_admin_referer() for the case where it is called without arguments, a usage that plugins should avoid. Both improvements are what Wordpress refers to in its release notes as 'defense in depth' techniques to further improve security.
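
As an added example (not taken from the Wordpress release notes or from any real plugin), here is a settings handler that passes an explicit action and nonce field name to check_admin_referer() instead of calling it without arguments. The plugin, its `exn_` names and the option it stores are hypothetical.

```php
<?php
/*
Plugin Name: Example Notice (hypothetical plugin for illustration)
*/

// Hypothetical names used only in this example.
define( 'EXN_ACTION', 'exn_save_notice' );   // nonce action, also the admin-post action
define( 'EXN_NONCE_FIELD', 'exn_nonce' );    // name of the hidden nonce field

// Settings form: the nonce is bound to this one action, not to a generic default.
function exn_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( EXN_ACTION ); ?>" />
        <?php wp_nonce_field( EXN_ACTION, EXN_NONCE_FIELD ); ?>
        <input type="text" name="exn_notice"
               value="<?php echo esc_attr( get_option( 'exn_notice', '' ) ); ?>" />
        <input type="submit" class="button-primary" value="Save" />
    </form>
    <?php
}

function exn_add_page() {
    add_options_page( 'Example Notice', 'Example Notice', 'manage_options',
                      'exn-notice', 'exn_render_form' );
}
add_action( 'admin_menu', 'exn_add_page' );

// POST handler, reached through admin-post.php?action=exn_save_notice.
function exn_handle_save() {
    // Avoid the argument-less form: check_admin_referer();
    // Pass the same action and field name that wp_nonce_field() used above.
    // The request is terminated here if the nonce is missing or invalid.
    check_admin_referer( EXN_ACTION, EXN_NONCE_FIELD );

    // A valid nonce only shows intent; it does not replace a capability check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change this setting.' );
    }

    $notice = isset( $_POST['exn_notice'] )
        ? sanitize_text_field( stripslashes( $_POST['exn_notice'] ) )
        : '';
    update_option( 'exn_notice', $notice );

    wp_safe_redirect( admin_url( 'options-general.php?page=exn-notice' ) );
    exit;
}
add_action( 'admin_post_' . EXN_ACTION, 'exn_handle_save' );
```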