In association with heise online

30 December 2010, 10:56

Critical update for WordPress

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A critical update has been made available for WordPress in the form of version 3.0.4. The update fixes a security bug in WordPress's KSES library which performs HTML sanitisation within the publishing platform.

WordPress's Matt Mullenweg said of the update: "I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for". Mullenweg also invited security researchers to look over the changeset and give feedback, and thanked Mauro Gentile and Jon Cave who discovered the XSS vulnerabilities.

The update to the GPL licensed WordPress should be available in the WordPress dashboard or can be downloaded from


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit