WordPress 2.9.2 Released

by BloggingSetup on February 16, 2010

WordPress released version 2.9.2 to address a security vulnerability that was previously reported by Thomas Mackenzie on his personal blog. The vulnerability is in the trash feature of earlier WordPress versions, which stores deleted posts so that they can be restored if they were deleted accidentally.

If your WordPress blog has many users, all of them, including those with the subscriber role, can access all deleted articles that have been moved to the trash. In theory, anyone with a user account on a WordPress blog with multiple authors can access the trashed articles regardless of which user wrote them.

WordPress 2.9.2 includes a fix so that this exploit is no longer possible.

You can download the latest version of WordPress at their homepage. Those who have configured their blogs for automatic updates can upgrade their blogs with a few clicks.

Jaypee February 16, 2010 at 12:42 pm

Only blogs running WordPress 2.9 or 2.9.1 are vulnerable to this security flaw. Those running on version 2.8.6 and below aren’t because they don’t have the “trash status” feature yet. :)


BloggingSetup February 16, 2010 at 1:52 pm

Thanks for pointing that out. I should have included it in my post. But it’s still worthwhile to upgrade to the latest WordPress version.


Jaypee February 16, 2010 at 2:06 pm

No problem. That’s true but since the issue being addressed involves multi-authors or registered users, upgrading to WP 2.9.2 won’t make a difference if the blog has only 1 author or if all authors are trustworthy or part of a group/company of bloggers. :D


Theme premium February 16, 2010 at 10:19 pm

WordPress updates are always handy, but this update is useful only for those who have their registration open.
I will wait for the latest WordPress 3.0, which has WordPress MU capability.


BloggingSetup February 17, 2010 at 12:07 am

Looking forward to that as well. :)


Harsh Agrawal February 16, 2010 at 10:46 pm

I saw this new update today and checked the new post from the WordPress team. I realized this update is to resolve the issue with multiple author blogs, and since I have one… I had no choice apart from updating my WordPress version. Thanks for updating us about it!!


BloggingSetup February 17, 2010 at 12:05 am

Cool. Glad to see familiar faces visiting my blog. :)


Geek with an iPhone February 17, 2010 at 8:08 pm

Thanks for the update… Just updated my blog with the latest 2.9.2 after taking a clean backup :)


Blogger Affiliate February 21, 2010 at 3:00 am

I recently started blogging, and when I installed WordPress my hosting installed 2.9.1 instead of 2.9.2.
And I had to manually upgrade WordPress to the latest version. It was not tough, though initially I thought of it as quite scary.