Feed on
Posts
Comments

The WordPress developers have just released another security and bug fix release.

Most of the updates in this new release fix some minor bugs but there’s also one fairly high-risk security bug that’ve plugged today:

Users without unfiltered_html capability can post arbitrary html
The user only needs to tamper data sent to post.php or page.php and add a field named no_filter with any value.

So it’s best to update your blog asap. You can download it over here.

RSS feed | Trackback URI

Comments »

No comments yet.

Name (required)
E-mail (required - never shown publicly)
URI
Subscribe to comments via email
Your Comment (smaller size | larger size)
You may use <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong> in your comment.