Three external libraries included in WordPress received security updates:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

Thanks to Neal Poole and Nathan Partlan for responsibly disclosing the bugs in Plupload and SWFUpload, and Szymon Gruszecki for a separate bug in SWFUpload.

WordPress 3.3.2 also addresses:

  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
  • Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team….Read More
Share →

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

 

Looking for something?

Use the form below to search the site:


Still not finding what you're looking for? Drop us a note so we can take care of it!

Visit our friends!

A few highly recommended friends...

Set your Twitter account name in your settings to use the TwitterBar Section.