ghacks Technology News

WordPress 3.0.4 Released, Fixes Critical Security Vulnerability

An update to the popular blogging platform WordPress has just been released that fixes a critical security vulnerability in the software. WordPress 3.0.4 is already available for download at the official website and through the updating options on installed WordPress blogs.

The update is currently not announced on the front page of the admin interface, which means that WordPress admins need to click on Updates to see the update options.

As usual, it is possible to install the update right away by downloading it directly to the server running the blog. The script handles the download, unpacking and installation of the new version automatically.

Users who want to test the release first can download it instead and install it manually.


The description of the fix reads:

Fix XSS vulnerabilities in the KSES library: Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url()

WordPress rates the vulnerability as critical, which means that webmasters should update their blogs as soon as possible to protect them from possible exploits of the issue.

WordPress is also available directly at the official website.
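
The three fixes named in the description above, illustrated as an added Python example (not WordPress's KSES code, which is PHP, and not part of the original article). The allowlists, function names and sample inputs are assumptions made for the illustration.

```python
import html
import re

ALLOWED_PROTOCOLS = {"http", "https", "mailto"}  # assumed allowlist
URI_ATTRS = {"href", "src"}                      # assumed URL-valued attributes
SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.IGNORECASE)

def naive_url_ok(url):
    """Weak check: looks at the raw string, so encoded forms slip past."""
    return not url.lower().startswith("javascript:")

def normalize(url):
    """Decode entities until nothing changes, then drop whitespace/control chars."""
    previous = None
    while previous != url:
        previous, url = url, html.unescape(url)
    return re.sub(r"[\x00-\x20]+", "", url)

def hardened_url_ok(url):
    """Normalize first, then allow only schemeless URLs or allowlisted schemes."""
    match = SCHEME.match(normalize(url))
    return match is None or match.group(1).lower() in ALLOWED_PROTOCOLS

def clean_attrs(attrs, fold_case=True):
    """Drop URL-valued attributes that fail the protocol check.

    With fold_case=False the name comparison is case sensitive, so "HREF"
    is not recognised as a URL attribute and its value is never checked.
    """
    kept = {}
    for name, value in attrs.items():
        key = name.lower() if fold_case else name
        if key in URI_ATTRS and not hardened_url_ok(value):
            continue
        kept[name] = value
    return kept

# Constructed sample inputs (not taken from the WordPress advisory).
SAMPLES = [
    "https://example.com/?a=1&amp;b=2",   # legitimate, entity in query string
    "jav&#0000097;script:void(0)",        # zero-padded decimal entity
    "&amp;#106;avascript:void(0)",        # doubly encoded entity
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_url_ok(s)} hardened={hardened_url_ok(s)}")
    print(clean_attrs({"HREF": "javascript:void(0)"}, fold_case=False))
    print(clean_attrs({"HREF": "javascript:void(0)"}, fold_case=True))
```

The naive check accepts both encoded samples because it never sees the decoded scheme; the hardened check rejects them while still accepting the legitimate URL.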


About the Author: Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.

Thursday December 30, 2010


Responses so far:

  1. Usman Ahmed says:

    I am using 3.0.1. I will update it with hope that it will not do anything wrong with my website.

  2. Tafreevar says:

    Would you please explain it in simple words?

    “Fix XSS vulnerabilities in the KSES library: Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url()”

    Thanks in advance.

  3. Wow, this is what I’m looking for. Thanks for sharing and nice info.

  4. Toko Komputer Online says:

    Very nice post. It gives information I need. Thanks for sharing.

  5. The first thing I did when I was checking my wp dashboard was upgrade.
