– Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
– Cross-site scripting vulnerability when making URLs clickable.
– Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
Full list of changes made in version 3.3.2 is available here.
PHP delevelpers could see changes in source code directly using this link.
If you didn’t install this update yet, consider to do it right now. It’s very important to defend your lovely blog as much as possible.