WordPress ships 'mandatory' security update

Maintainers of the open-source WordPress blog publishing platform has shipped a mandatory security  update to cover a potentially serious security vulnerability.

The vulnerability, rated moderate, could allow a malicious Author-level user could gain further access to the WordPress-powered site.

"You should update immediately even if you do not have untrusted users," according to a notice from the maintainers of the project.

The WordPress 3.0.2 update also fixes a flaw in the trackback whitelisting feature that allowed comment spammers to bypass certain security features.  A minor cross-site scripting issue was also addressed in this update.