WordPress has just released version 3.3.2, which is a security update that resolves a number of vulnerabilities found in previous releases. According to the announcement, three external libraries included in WordPress received security updates: Plupload, SWFUpload and SWFObject.
- Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
- Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
- Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.
Five more bugs were also fixed, and more information can be found in the change log.
In addition to this release, WordPress 3.4 Beta 3 is also now available for download. And while the build isn’t ready for the prime time, plugin and theme developers should already be working with it for testing.
➤ Download WordPress 3.3.2, or update now from the Dashboard → Updates menu in your site’s admin area.