WordPress 2.2.3 – time to upgrade

The WordPress developers have just released another security and bug fix release.

Most of the updates in this new release fix some minor bugs but there’s also one fairly high-risk security bug that’ve plugged today:

Users without unfiltered_html capability can post arbitrary html
The user only needs to tamper data sent to post.php or page.php and add a field named no_filter with any value.

So it’s best to update your blog asap. You can download it over here.

Leave a Reply