Feb 8, 2011 10:57 GMT  ·  By

WordPress 3.0.5 has been released as a security update for the popular blogging platform and addresses several medium-impact vulnerabilities.

The release addresses two privilege escalation flaws that allow users holding the Author or Contributor role to gain permissions beyond those roles.

Both result from cross-site scripting weaknesses in the Quick/Bulk Edit title field and the tags meta box. That is how a low-privileged account ends up with more rights: markup saved through those fields is rendered unescaped in the admin screens, so script injected by an Author or Contributor runs in the browser of any Editor or Administrator who views the affected page.

A separate information disclosure vulnerability which allows Authors to see draft or private posts without authorization was also addressed. It is caused by a bug in the media uploader.

In addition to vulnerability fixes, this release also contains two security enhancements. One improves the security of some plugins and consists of forcing HTML filtering on comment text in the admin area.

The second hardens defenses against a previously patched vulnerability by imposing restrictions on check_admin_referer() when called without arguments. Called with no action string, the function verifies the request nonce against its generic default action rather than against the specific operation being performed, so a nonce generated for one purpose would satisfy the check for another. Plugin authors should pass an explicit action to both the nonce generator and the check.
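As an added illustration (not code from the article, from WordPress core or from any real plugin), the following shows the argument-less nonce check that 3.0.5 restricts next to the hardened form that ties the nonce to a named action and pairs it with a capability check. The plugin, option, hook and field names are hypothetical; the WordPress functions used (wp_nonce_field, check_admin_referer, current_user_can, sanitize_text_field, the admin_post_{action} hook) are real core APIs of that era.

```php
<?php
// Added example, not part of the article or of WordPress core.
// Plugin-specific names (example_*) are hypothetical.

// Weak: no action argument. The nonce is checked against the generic
// default action, so any default-action nonce generated anywhere on the
// site passes. This is the usage WordPress 3.0.5 restricts.
function example_weak_save_settings() {
    check_admin_referer(); // no action string: avoid this
    $value = isset( $_POST['example_setting'] ) ? $_POST['example_setting'] : '';
    update_option( 'example_setting', sanitize_text_field( $value ) );
}

// Hardened: the form embeds a nonce bound to a specific action name, and
// the handler verifies against that same name.
function example_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'example_save_settings', 'example_nonce' ); ?>
        <input type="hidden" name="action" value="example_save_settings" />
        <input type="text" name="example_setting"
               value="<?php echo esc_attr( get_option( 'example_setting', '' ) ); ?>" />
        <input type="submit" class="button-primary" value="Save" />
    </form>
    <?php
}

function example_hardened_save_settings() {
    // Capability check first: a nonce proves intent, not authorization.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }

    // Dies if the nonce is missing, expired, or was generated for a
    // different action or a different user.
    check_admin_referer( 'example_save_settings', 'example_nonce' );

    // Escape on output (esc_attr above), sanitize on input here.
    $value = isset( $_POST['example_setting'] ) ? $_POST['example_setting'] : '';
    update_option( 'example_setting', sanitize_text_field( $value ) );

    wp_safe_redirect( add_query_arg( 'updated', '1', wp_get_referer() ) );
    exit;
}
add_action( 'admin_post_example_save_settings', 'example_hardened_save_settings' );
```

The action string passed to wp_nonce_field() and check_admin_referer() must match exactly; the second argument names the request field carrying the nonce, which keeps it distinct from any other nonce on the same page.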

The WordPress development team thanks Nils Juenemann and Saddy for responsibly disclosing two of the vulnerabilities. The others were discovered in-house.

Non-security changes in WordPress 3.0.5 include updating the license to GPLv2 (or later) and the copyright information for the KSES library.

"This security release is required if you have any untrusted user accounts, but it also comes with important security enhancements and hardening. All WordPress users are strongly encouraged to update," the development team writes.

Updating to the new version can be done from the Dashboard > Updates menu. The process is straightforward and shouldn't normally cause any problems, though backing up the database and files beforehand remains prudent.

WordPress 3.1 Release Candidate 4 was also made available to users. It contains all the security patches and enhancements of 3.0.5 and some other bug fixes.

The development team feels confident that the next major branch of the blogging platform is nearing a stable release.

WordPress 3.0.5 and 3.1 RC4 can be downloaded from here.