Jun 30, 2011 08:06 GMT  ·  By

The WordPress development team has released version 3.1.4 of the popular blogging platform in order to address several vulnerabilities and security issues.

The new release fixes a privilege escalation weakness that allows users with Editor levels to gain higher access to the site than usual.

WordPress developers credit K. Gudinavicius of SEC Consult with discovering and reporting this vulnerability.

Alexander Concha and Jon Cave of the WordPress security team also contributed multiple security fixes and hardening measures for various sorting and ordering functions.

In addition to 3.1.4, the development team released the third release candidate (RC3) of the upcoming WordPress 3.2 version.

This is expected to be the final release candidate before the new version ships and contains all security patches in 3.1.4 and some additional fixes.

The developers write that RC3 includes "few minor RTL, JavaScript, and user interface fixes; and ensures graceful failures if 3.2 is run on PHP4." There is also a reminder that the minimum requirements for the upcoming version will be PHP 5.2.4 and MySQL 5.0.

The 3.1.4 release lands around one month after the release of 3.1.3 and, as usual, can be deployed from the Dashboard > Updates menu.

WordPress is the most popular content publishing platform which makes it an attractive target for cyber criminals. There have been many attacks exploiting WordPress vulnerabilities in the past, so keeping installations up to date is critical.

Last week, the WordPress team reset everyone's password on the project's websites after it discovered that several popular plugins had been backdoored. Keeping plugins up to date and ensuring their authenticity is also very important.

WordPress 3.1.4 can also be downloaded from here and installed manually.