A new stable version of the popular free open source blogging tool WordPress is available for download, and users are advised to do get a move on and install it, as it’s a security update for all previous versions.
Among the external libraries used by WordPress that have also received security updates are Plupload and SWFUpload (for uploading media), and SWFObject (for embedding Flash content).
A number of additional security vulnerabilities have been addressed in WordPress 3.3.2:
- a limited privilege escalation that allowed site administrators to deactivate network-wide plugins when running a WordPress network under particular circumstances,
- a XSS vulnerability that was possible to exploit when making URLs clickable, and
- several other XSS flaws that affected the handling of post-comment redirects and URL filtering.
Current users can download the update from the Dashboard -> Updates menu in their site’s admin area.