Security Updates, I had thought were a thing that only happened to people running Windows operating system. Yet WordPress has issued 3 patches in the last 30 days to address security fixes.
30 November 2010 WordPress 3.0.2 was a mandatory security update.
This was the first update in nearly 6 months so it was a surprise that barely a week later we get another update.
8 December 2010 WordPress 3.0.3 came out as an update for all previous versions of WordPress. Which addressed issues in the XML-RPC remote publishing interface that under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts.
Now everyone has been expecting the next update to be WordPress 3.1 which is available for beta testing and has some cool features. Instead, the post Christmas update is another security update.
30 December 2010 WordPress 3.0.4 is described as a critical security update for all previous WordPress versions. This fix address a cross site scripting vulnerability.
Interesting point - this vulnerability must be pretty critical as for the first time ever, I have received an email from WordPress.Org telling me to update.
Hopefully there are no more critical or mandatory updates in the next week.
If you haven’t updated your WordPress to the latest security patch and you haven’t looked at changing your passwords in the last month, then today should be the day.