WordPress 3.0.3 Fixes Authorization Issues
Hot on the heels of the previous update that patched an authenticated SQL injection vulnerability, WordPress have released version 3.0.3, which fixes authorization issues in the remote publishing interface. The vulnerability may allow Author and Contributor-level users to improperly edit, publish, or delete posts. WordPress state:
"These issues only affect sites that have remote publishing enabled."
I would also add that these issues only affect sites that actually have Author and Contributor-level users. If you’re the only user of your blog, you don’t need to be worried (but update anyway).
Remote publishing is enabled and disabled in Settings > Writing > Remote Publishing.
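The two exposure conditions above (remote publishing enabled, and at least one Author or Contributor account) can be checked straight from the database. The following is an added example, not code from WordPress or from the original post. It assumes the default `wp_` table prefix and the WordPress 3.0 option names `enable_xmlrpc` and `enable_app` behind the Remote Publishing checkboxes, and it runs against constructed sample rows in an in-memory SQLite database.

```python
import re
import sqlite3

# Option names behind the two Remote Publishing checkboxes in WordPress 3.0
# (assumption: they are not named on the page).
REMOTE_PUBLISHING_OPTIONS = ("enable_xmlrpc", "enable_app")
# Roles the page names, as they appear in the PHP-serialized capabilities
# value, e.g. a:1:{s:6:"author";b:1;}
ROLE_RE = re.compile(r's:\d+:"(author|contributor)";b:1;')


def audit(db, prefix="wp_"):
    """Return (enabled_interfaces, low_privilege_users, exposed)."""
    marks = ",".join("?" * len(REMOTE_PUBLISHING_OPTIONS))
    enabled = [name for name, value in db.execute(
        f"SELECT option_name, option_value FROM {prefix}options "
        f"WHERE option_name IN ({marks})", REMOTE_PUBLISHING_OPTIONS)
        if str(value) == "1"]
    users = []
    for login, caps in db.execute(
            f"SELECT u.user_login, m.meta_value FROM {prefix}users u "
            f"JOIN {prefix}usermeta m ON m.user_id = u.ID "
            f"WHERE m.meta_key = ?", (prefix + "capabilities",)):
        match = ROLE_RE.search(caps)
        if match:
            users.append((login, match.group(1)))
    # Exposed only when both conditions from the text hold.
    return sorted(enabled), sorted(users), bool(enabled and users)


def sample_db(xmlrpc="1"):
    """Constructed sample data, not taken from a real site."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE wp_options (option_name TEXT, option_value TEXT);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT);
        CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_users VALUES (1, 'admin'), (2, 'alice'), (3, 'bob');
        INSERT INTO wp_usermeta VALUES
          (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
          (2, 'wp_capabilities', 'a:1:{s:6:"author";b:1;}'),
          (3, 'wp_capabilities', 'a:1:{s:11:"contributor";b:1;}');
    """)
    db.executemany("INSERT INTO wp_options VALUES (?, ?)",
                   [("enable_xmlrpc", xmlrpc), ("enable_app", "0")])
    return db
```

Against a real site, the same two queries can be run on the live MySQL database. A site that reports no enabled interface or no Author/Contributor accounts should still be updated.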