It’s seem like just yesterday, WordPress updated its wildly popular open source blogging software (it was actually last week).
As it turns out, they missed one flaw in the 3.0.2 release and that’s why 3.0.3 is now out.
With the 3.0.3 release, WordPress is addressing an XML-RPC flaw that could potentially enable non-admin users (that’s right just regular contributors) to edit or delete posts. Yes, that’s series and yes that means, if you’re running WordPress today with remote publishing enabled, you need to update quickly to avoid this risk.
Kudos to WordPress for moving so fast on this. Let’s hope that self-hosted WordPress users can move equally as fast.
Moving forward, WordPress 3.1 is now in beta, and it could be out in general availability by the end of the year.