WordPress 3.3.2 Maintenance and Security Update Released

Martin Brinkmann
Apr 20, 2012
Updated • Apr 20, 2012

The WordPress development team has just released version 3.3.2 of the blogging platform. WordPress 3.3.2 is a security and maintenance release that WordPress webmasters and administrators should install on their blogs as soon as possible.

WordPress updates are as usually announced in the admin dashboard of the WordPress installation. Webmasters can run the update from there automatically if they have the proper permissions to run the platform update on the web server. Webmasters who do not have the permissions to do just that, need to update the blog to the new WordPress version manually by uploading the WordPress files to the server manually, and running the updating script afterwards (by running /wp-admin/upgrade.php in the web browser).

Webmasters who do not see the update notifications right now, need to click on Dashboard > Updates to check for newer versions manually. This should pick up the new version then.

wordpress 3.3.2. update

The summary on the WordPress Codex website reveals the security updates that have made their way in WordPress 3.3.2:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
  • Cross-site scripting vulnerability when making URLs clickable.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs

Five other non-security related bugs were also fixed in this version of WordPress. All WordPress 3.3.2 changes are listed in the full change log which can be accessed here.

The update should not break a site's theme or plugins, as it is not making changes to WordPress core features or technologies. It is still recommended to create a backup of the blog and database before you apply the update.


Previous Post: «
Next Post: «


  1. echenze said on April 20, 2012 at 10:20 pm

    It does not affect plugins and themes? I have my doubts. I don’t use buddypress but I don’t want to risk right now. Let those who have updated tell us what it is like. Any bugs?

    1. Martin Brinkmann said on April 20, 2012 at 10:38 pm

      Well the changes should not affect themes or plugins, but it seems that some webmasters are still running into issues. I have updated about 30 blogs and not a single update has caused issues.

  2. ilev said on April 20, 2012 at 8:18 pm

    Did they fix the mess of Mac OSX Flashfake trojan where as many as 100,000 WordPress blogs infected 700,000 Macs with the malware ?

    1. Bunkybuddy said on April 20, 2012 at 8:29 pm

      I installed the 3.3.2 update today, and none of my buddypress links work.. i.e. groups, forums, posts, members, profiles.. none of them… what could be causing this?

      Update: i was able to relieve the problem by disabling a plugin called “role scoper” and re-enabling it. it appears to be still causing errors elsewhere so i have totally disabled the plugin completely to restore functionality back to my website. Sux cuz a lot of my pages rely on it. it worked fine until i upgraded to the new wordpress ver 3.3.2. also, i noticed that when uploading an avatar to groups, it does alot of weird stuff during the cropping phase. it could be an issue just with my installation, but i felt it at least worth mentioning.

      1. Martin Brinkmann said on April 20, 2012 at 8:59 pm

        That sounds like a big issue, have you checked the support forums to see if there are other BuddyPress users affected by this?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.