WordPress 3.3.2 Security Update Fixes Cross-site Scripting & Other Vul's; WordPress 3.4 Beta 3 Released

WordPress 3.3.2, a security update for all previous versions avilable today addresses the following exploits including five other bugs were also fixed:Three external libraries included in WordPress received security updates:Plupload (version 1.5.4), which WordPress uses for uploading media.SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.SWFObject, which WordPress […]

WordPress 3.3.2, a security update for all previous versions avilable today addresses the following exploits including five other bugs were also fixed:

Three external libraries included in WordPress received security updates:

  • Plupload (version 1.5.4), which WordPress uses for uploading media.
  • SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
  • SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.
  • Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances
  • Cross-site scripting vulnerability when making URLs clickable
  • Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Also, WordPress 3.4 Beta 3 is now available for testing. "Nearly 90 changes have been made since Beta 2, released 9 days ago," the team said.

Version 3.4 Beta 3 includes all of the fixes included in version 3.3.2.

The team says that they are aiming for a beta every week.

Download WordPress 3.4 Beta 3 here, or use the WordPress Beta Tester plugin.