
This article was published on April 20, 2012


WordPress releases version 3.3.2 as a security update, fixes 11 vulnerabilities

Story by Harrison Weber

Harrison Weber is TNW's Features Editor in NYC. Part writer, part designer. Stay in touch: Twitter @harrisonweber, Google+ and Email.

WordPress has just released version 3.3.2, which is a security update that resolves a number of vulnerabilities found in previous releases. According to the announcement, three external libraries included in WordPress received security updates: Plupload, SWFUpload and SWFObject.

The above vulnerabilities were disclosed by Neal Poole, Nathan Partlan and Szymon Gruszecki. WordPress 3.3.2 also addresses other issues that were fixed by the organization’s core security team:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Five more bugs were also fixed, and more information can be found in the change log.

In addition to this release, WordPress 3.4 Beta 3 is also now available for download. While the build isn’t ready for prime time, plugin and theme developers should already be testing against it.

➤ Download WordPress 3.3.2, or update now from the Dashboard → Updates menu in your site’s admin area.