Free WordPress Security Mini Course

Comments   |   WordPress Updates

WordPress 3.3.2 (and WordPress 3.4 Beta 3)

Another WordPress version has been released today. It’s not a major release (as you can tell by the multiple periods such as X.Y.Z), but that doesn’t mean it’s not important to download. As always, we strongly urge you to upgrade your WordPress to the latest stable version. These sub-versions often include security updates that are important to your site.

According to the WordPress official statement, here’s what this version includes:

Three external libraries included in WordPress received security updates:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

WordPress 3.3.2 also addresses:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.

Along with this stable version 3.3.2, they have released 3.4 Beta 3 which means stable version 3.4 is sure to come soon. So keep your eyes on our blog to find out right when it happens!

Leave a Reply