FYI...WordPress v3.3.2 released
April 20, 2012 - "The latest stable release of WordPress (Version 3.3.2) is available..."
April 20, 2012 - "WordPress 3.3.2 is available now and is a security update for -all- previous versions
. Three external libraries included in WordPress received security updates
> Plupload (version 1.5.4), which WordPress uses for uploading media.
> SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
> SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes...
... also addresses:
> Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances...
> Cross-site scripting vulnerability when making URLs clickable...
> Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs...
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2..."
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2399 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2400 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2401 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2402 - 5.5
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2403 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2404 - 4.3
Last revised: 04/23/2012 - "... WordPress before
23 April 2012
Release Date: 2012-04-23
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting
Where: From remote
... vulnerabilities are reported in versions prior to 3.3.2.
Solution: Update to version 3.3.2.