WordPress ships 'mandatory' security update

Summary: A security vulnerability could allow a malicious Author-level user to gain further access to the WordPress-powered site.

Maintainers of the open-source WordPress blog publishing platform have shipped a mandatory security update to cover a potentially serious security vulnerability.

The vulnerability, rated moderate, could allow a malicious Author-level user to gain further access to the WordPress-powered site.

"You should update immediately even if you do not have untrusted users," according to a notice from the maintainers of the project.

The WordPress 3.0.2 update also fixes a flaw in the trackback whitelisting feature that allowed comment spammers to bypass certain security features.  A minor cross-site scripting issue was also addressed in this update.

Topics: Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
