April 20th, 2012
WordPress 3.3.2 is available now and is a security update for all previous versions. Three external libraries included in WordPress received security updates: Plupload (version 1.5.4), which WordPress uses for uploading media. SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins. SWFObject, which WordPress previously used to embed [...]
January 3rd, 2012
WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team. Download 3.3.1 or visit [...]
June 29th, 2011
WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and hardening [...]
June 22nd, 2011
Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory. We’re [...]
May 25th, 2011
WordPress 3.1.3 is available now and is a security update for all previous versions. It contains the following security fixes and enhancements: Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros. Media security fixes by Richard Lundeen of Microsoft, Jesse Ou [...]
April 26th, 2011
WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts. The issue was discovered by a member of our security team, WordPress developer Andrew Nacin, with Benjamin Balter. We suggest you update to 3.1.2 promptly, especially if [...]
April 5th, 2011
WordPress 3.1.1 is now available. This maintenance and security release fixes almost thirty issues in 3.1, including: Some security hardening to media uploads Performance improvements Fixes for IIS6 support Fixes for taxonomy and PATHINFO (/index.php/) permalinks Fixes for various query and taxonomy edge cases that caused some plugin compatibility issues Version 3.1.1 also addresses three [...]
February 8th, 2011
WordPress 3.0.5 is now available and is a security hardening update for all previous WordPress versions. This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening. All WordPress users are strongly encouraged to update. Three point oh point five Enhances security Three point [...]
