Security update for WordPress
The 2.8.3 security update for WordPress fixes several privilege escalation vulnerabilities, similar to the problems fixed in a previous update to version 2.8. The developers had overlooked some of the loopholes which 2.8.3 now closes.
The security service provider Core Security had warned of various security problems in WordPress before, after finding errors in processing certain URLs. For example, unprivileged, but registered users, are reportedly able to examine the configuration pages of plug-ins and to change their options.
See also:
- WordPress 2.8.3 Security Release
- Vulnerabilities in WordPress, a report from The H Security.
(djwm)