Maintainers of the open-source WordPress blog publishing platform has shipped a mandatory security update to cover a potentially serious security vulnerability.
The vulnerability, rated moderate, could allow a malicious Author-level user could gain further access to the WordPress-powered site.
"You should update immediately even if you do not have untrusted users," according to a notice from the maintainers of the project.
The WordPress 3.0.2 update also fixes a flaw in the trackback whitelisting feature that allowed comment spammers to bypass certain security features. A minor cross-site scripting issue was also addressed in this update.