WordPress 3.3.1 closes XSS hole
Version 3.3.1 of the open source WordPress blogging and publishing platform has been released. The maintenance and security update addresses a cross-site scripting (XSS) vulnerability affecting WordPress 3.3. According to a blog post by security researchers Aditya Modha and Samir Shah, the hole affects WordPress instances installed using an IP address; instances of WordPress installed using a domain name are reportedly not vulnerable.
In addition to closing the security hole, the update fixes a number of bugs found in the previous release including two high priority issues: one related to the tabindex that could cause users to lose an edit or reply, and the other is in the script loader. A full list of fixes can be found in the WordPress Trac. WordPress 3.3.1 is available to download from the project's site or exisiting users can update using the built in update functionality. The source code is licensed under the GPLv2.
- WordPress 3.3 "Sonny" adds new media uploader, a report from The H.