WordPress 3.0.4 is out. What?! [UPDATE: The advisory is now online: Persistent XSS vulnerability – wordpress 3.0.3 (kses.php) ]
Keep cool. There is a release (all 3.0.2 to 3.0.4 changes), but actually Matt Mullenweg is asking for a security review pro bono first.
[UPDATE: As this is exploitable for 2.9.2 blogs as well, I’ve created Ticket #16042 with a patch for 2.9.2]
Well, didn’t I suggest it in my last post regarding security? Matt, why don’t you act proactively?
Just do it. I mean, there should be enough money lying around. And if money is not the problem, what is the problem?
More coverage by:
- Lorelle: Update WordPress Now: WordPress 3.0.4
- Ben Cook: WordPress’ Christmas Present: A Security Update!
- WordPress, style.css.php and You