WordPress update
The latest version, 2.3.1, of the popular WordPress blogging software has eliminated a cross-site scripting vulnerability. With the register_globals option activated, JavaScript can be passed to the wp-admin/edit-post-rows.php module and executed in the browser of the user calling the page. More than 20 other bugs have also been fixed.
- WordPress 2.3.1, announcement on Wordpress.org
- XSS in WordPress 2.3, security advisory from Waraxe
(mba)