Tech
WordPress ships 'mandatory' security update
Security vulnerability could allow a malicious Author-level user could gain further access to the WordPress-powered site.
![ryan-naraine.jpg](https://www.zdnet.com/a/img/resize/58705b1ab848cb0209d7d7d504dffaab176d93aa/2014/07/22/4b4e2273-1175-11e4-9732-00505685119a/ryan-naraine.jpg?auto=webp&fit=crop&frame=1&height=192&width=192)
The vulnerability, rated moderate, could allow a malicious Author-level user could gain further access to the WordPress-powered site.
"You should update immediately even if you do not have untrusted users," according to a notice from the maintainers of the project.
The WordPress 3.0.2 update also fixes a flaw in the trackback whitelisting feature that allowed comment spammers to bypass certain security features. A minor cross-site scripting issue was also addressed in this update.