– Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
– Cross-site scripting vulnerability when making URLs clickable.
– Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.
The full list of changes made in version 3.3.2 is available here.
PHP developers can see the changes in the source code directly using this link.
If you haven’t installed this update yet, consider doing it right now. It’s very important to defend your lovely blog as much as possible. It’s a fact that WordPress-based sites are under permanent heavy attack. Just during the last 10 minutes while I was writing this post, I got 2 messages about bots trying to log in to shinephp.com as the ‘admin’ user. Do you still have an active ‘admin’ user on your blog? Maybe you even use a simple password for it? You are in danger. Add a new user and assign it the ‘Administrator’ role. Rename or block the ‘admin’ user immediately after that.
Bad guys write special scripts, software bots that scan the Internet for old, outdated WordPress installations and try to exploit known vulnerabilities. Do not become an easy victim; do your best to protect the many hours you spent making your WordPress blog better.
The update is fast and easy. Go to the Dashboard > Updates menu in your site’s admin for that. A couple of seconds after you click the update link, you will see this page:
That’s cool! You updated your WordPress blog to the latest 3.3.2 version.