Welcome to the new ZDNet! Give feedback or learn more about our updated design here. Or, return to the classic view.

WordPress ships 'mandatory' security update

Security vulnerability could allow a malicious Author-level user could gain further access to the WordPress-powered site.

Maintainers of the open-source WordPress blog publishing platform has shipped a mandatory security  update to cover a potentially serious security vulnerability.

The vulnerability, rated moderate, could allow a malicious Author-level user could gain further access to the WordPress-powered site.

"You should update immediately even if you do not have untrusted users," according to a notice from the maintainers of the project.

The WordPress 3.0.2 update also fixes a flaw in the trackback whitelisting feature that allowed comment spammers to bypass certain security features.  A minor cross-site scripting issue was also addressed in this update.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All