ghacks Technology News

WordPress 2.9.2 Released

An update for the blogging script WordPress has just been released by the development team. The update fixes a security vulnerability that was previously reported by Thomas Mackenzie on his personal blog. The vulnerability affects all WordPress installations with the version number 2.9.0 or later. Earlier WordPress installations are not affected by this vulnerability (but are insecure for other reasons).

The vulnerability involves a new feature that was introduced in WordPress 2.9: the trash. The trash is a basic trashcan where deleted posts are placed so that they can be restored if they were deleted by accident. The trash can be disabled but is activated by default on all WordPress 2.9 and later blogs.

Every logged-in user, even those with the subscriber role, can access all deleted articles and posts that have been moved to the trash. This might not affect the majority of blogs, as there need to be at least two registered users and at least one user who is not trusted by the administrator of the site.

In theory though anyone with a user account at the website can access the trashed articles regardless of which user wrote them.

The WordPress 2.9.2 patch fixes this vulnerability so that this is no longer possible. WordPress 2.9.2 can be downloaded from the official WordPress website. Users who have configured their blog for automatic updates can also update the blog from within the blog right away.
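The flaw described above is an access check that tests authentication but not authorization. The following is an added example, not WordPress code and not the actual 2.9.2 patch: a small Python model that puts the flawed check beside a hardened one and lists which user and post pairs are exposed. The hardened policy (author of the post, or editor and above), the denial of anonymous visitors, and all user and post names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# WordPress's built-in roles, lowest to highest privilege.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2, "editor": 3, "administrator": 4}

@dataclass(frozen=True)
class User:
    name: str
    role: str

@dataclass(frozen=True)
class Post:
    title: str
    author: str
    status: str  # "publish" or "trash"

def can_view_flawed(user: Optional[User], post: Post) -> bool:
    """Behaviour described in the article: being logged in is enough."""
    if post.status == "publish":
        return True
    return user is not None  # authentication only, no authorization (anonymous denial is assumed)

def can_view_hardened(user: Optional[User], post: Post) -> bool:
    """Assumed policy: a trashed post is visible to its author or to editors and above."""
    if post.status == "publish":
        return True
    if user is None:
        return False
    return user.name == post.author or ROLE_RANK[user.role] >= ROLE_RANK["editor"]

def leaks(check, users, posts):
    """Return sorted (user, title) pairs where `check` exposes a trashed post the hardened policy denies."""
    return sorted(
        (u.name, p.title)
        for u in users for p in posts
        if p.status == "trash" and check(u, p) and not can_view_hardened(u, p)
    )

# Constructed sample data (hypothetical users and posts).
USERS = [User("alice", "administrator"), User("bob", "author"),
         User("carol", "author"), User("sam", "subscriber")]
POSTS = [Post("Launch plan", "bob", "trash"), Post("Old draft", "carol", "trash"),
         Post("Hello world", "alice", "publish")]

if __name__ == "__main__":
    for name, title in leaks(can_view_flawed, USERS, POSTS):
        print(f"{name} can read trashed post {title!r}")
```

The same role-by-ownership matrix works as a regression test after upgrading: every pair reported by `leaks` should be denied by the deployed check.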




About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Tuesday February 16, 2010


Responses so far:

  1. bama boy says:

    just upgraded two blogs >> it fixed now

  2. WordPress updates are always handy but this update is useful only for those who have their registration open.
    I will wait for the latest WordPress 3.0, which has WordPress MU capability.

  3. I saw this new update today and checked the new post from the WordPress team. I realize this update is to resolve the issue with multiple author blogs and since I have one… I had no choice apart from updating my WordPress version. Thanks for updating us about it!!

  4. romelio says:

    Thks 4 this info ;)

  5. Thanks for the Update…Just updated my blog with latest 2.9.2 :)

  6. Jerminix says:

    Very useful information.. thanks

  7. Blogger Affiliate says:

    I recently started blogging and when I installed WordPress my hosting installed 2.9.1 instead of 2.9.2.
    And I had to manually upgrade WordPress to the latest version. It was not tough, though initially I thought of it as quite scary.
