Feed: gHacks Technology News
WordPress 3.0.4 Released, Fixes Critical Security Vulnerability
An update to the popular blogging platform WordPress has just been released that fixes a critical security vulnerability in the software. WordPress 3.0.4 is already available for download at the official website and through the updating options on installed WordPress blogs.
The update is currently not announced on the frontpage of the admin interface which means that WordPress admins need to click on Updates to see the update options.
It is as usually possible to install the update right away by downloading it directly to the server running the blog. The script handles the download, unpacking and installation of the new version automatically.
Users who want to test the release first can also download it instead to do just that.
The vulnerability reads:
Fix XSS vulnerabilities in the KSES library: Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url()
WordPress rates the vulnerability as critical which means that webmasters should update their blogs as soon as possible to protect it from possible exploits of the issue.
WordPress is also available directly at the official website.
© Martin for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: wordpress, wordpress blog, wordpress security, wordpress update, wordpress vulnerability
Feed Info:
Name: gHacks Technology News
URL: http://www.ghacks.net/feed/
Add, Modify, Remove feeds at Innerfeed
0 comments:
Post a Comment
Post a Comment