
WordPress Security Update Released

Published on 12/1/2010 by

WordPress developers have released what they’re calling a mandatory security update. WordPress 3.0.2, available for download as of this morning, fixes a moderate security issue that could allow malicious author-level users to gain further access to WordPress-controlled websites. Ten bugs and security issues have been addressed in this release, including:

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging.
  • Fix occasional irrelevant error messages on plugin activation.
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
  • Clarify the license in the readme.
  • Multisite: Fix the delete_user meta capability.
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.

WordPress 3.0.2 can be downloaded and manually installed on your web hosting server, or applied as an update from within the WordPress administration control panel.