U.S. CERT is out with a note this morning advising users of the open source WordPress cms to update to the new 3.0.4 release.
This new release follows the recent 3.0.3 update in early December — itself a quick update to the 3.0.2 update of late November.
“WordPress.org has released
WordPress 3.0.4 to address a vulnerability in the HTML sanitation
library,” U.S. CERT states.” Exploitation of this vulnerability may allow an attacker to
insert arbitrary HTML and script code into the browser session.“
Yeah, that’s pretty darn serious — so if you’re running WordPress, update immediately (and check to make sure you haven’t already been exploited).
WordPress developers do a fantastic job of responding and updating the application to threats, which is likely why the last three incremental point updates to WordPress have all come so quickly.
Instead of *waiting* to bundle all known vulnerabilities into a *big* update, WordPress developers have taken the initiative to update rapidly to protect their users.