WordPress update tackles critical blogging bug
In between days security fix
Bloggers who rely on WordPress would be well advised to take a break from seasonal festivities in order to plug a serious security flaw in the software.
WordPress 3.0.4 tackles a serious vulnerability which, left unfixed, creates a handy mechanism for malicious hackers to break into installations of the widely used blogging software. Specifically, the vulnerability stems from flaws in the HTML sanitation library used by WordPress.
In the past, vulnerable installations of WordPress have facilitated the spread of worms. The flaw might also lend itself towards site compromise or blog spam.
Even though attacks against the vulnerability are yet to appear, sysadmins would still be well advised to apply the update, described as critical by WordPress' developers. ®