Warning for Bloggers: WordPress Finds Critical Security Flaw
WordPress is recommending that users immediately upgrade their accounts after a critical security bug was found in the popular blogging software.
WordPress posted a message yesterday (Dec. 29) warning users of a critical cross-site scripting (XSS) flaw in version 3.0.3 of the blog-publishing software that could be used by an attacker to bypass security controls and gain unauthorized access to a user's blog.
WordPress advised users to immediately update to version 3.0.4.
"I realize an update during the holidays is no fun, but this one is worth putting down the eggnog for. In the spirit of the holidays, consider helping your friends as well," read the WordPress blog.
The update is available for download at http://wordpress.org/download.
This is WordPress' second security update issued this month. In early December, WordPress, which is used by more than 25 million people and runs the blogs of Forbes, Best Buy and PopWatch among hundreds of others, issued a mandatory security update after a similar XSS flaw was found.