WordPress 3.4 update fixes security vulnerabilities
The WordPress developers have released an update to their open source publishing platform that closes important security holes. Version 3.4.2 of WordPress addresses two privilege escalation vulnerabilities that could potentially be exploited by a malicious user to bypass certain security restrictions. WordPress is often a target for attackers, and ensuring it is secure protects not only the published content but also the readers of that content.
The vulnerabilities are said to be in the Atom Publishing Protocol endpoint and in code related to multi-site installations. New hardening measures such as simplified error messages when an upload fails have also been incorporated. Issues unrelated to security that have been fixed include pagination problems, a bug that caused themes to not preview correctly, issues with the visual editor when working with captions, and problems in the admin area that could result in lag and freezing when run under older browsers such as Internet Explorer 7.
Further information about the update, including a full list of fixes, can be found on the 3.4.2 Trac and Codex pages. WordPress 3.4.2 can be downloaded from the project's site; existing users can upgrade using the built-in update functionality. Source code and binaries for WordPress are licensed under the GPLv2 or later.
The developers have also updated their WordPress for iOS mobile app to version 3.1.3. The update adds a settings form for editing and testing credentials for the WordPress enhancement package Jetpack, corrects problems when trying to reset passwords within the app, and fixes various crashing bugs.
- WordPress 3.4 update closes important security hole, a report from The H.