WordPress 2.3.3 Security Release

The WordPress.org team has released an official update to WordPress dubbed 2.3.3. This update fixes a serious security flaw that was discovered within the XML-RPC implementation. With a specially crafted request, any valid user could exploit this flaw to edit the posts of any other user on that blog.

The team also managed to place three bug fixes into the patch which can be viewed here. These types of releases for WordPress.org are serious. No, the world will not end if you do not upgrade. However, you are putting your site at an increased risk of being exploited. As was reported by me on WeblogToolsCollection.com, malicious users are in fact taking advantage of the flaws found within the WP-Forum plugin. If you are using WP-Forum, you are encouraged to disable the plugin until a security patch has been released.

Visit WordPress.org to see the complete details regarding this release.

WordPress 2.3.1 Ready For Download

WordPress 2.3.1 has been released for download. The latest version contains bug and security fixes. According to WordPress.org, 2.3.1 contains over twenty bug fixes. Some of the fixes that are highlighted in this release are as follows: tagging support for Windows Live Writer; fixes for a login bug that affected those with a Blog Address different than their WordPress Address; faster taxonomy database queries, especially tag intersection queries; and link importer fixes.

Unfortunately, some security issues were found in 2.3. Janek Vind found an XSS problem that can be exploited if your PHP setup has register_globals enabled. For this reason, upgrading to 2.3.1 is advised.

The full set of changes between 2.3 and 2.3.1 is available for viewing on trac.

Get 2.3.1 from the download page and enjoy.

I’ll be upgrading this site later tonight and will let you know how it went. If you upgrade this evening, let us know how it goes.

My WordPress 2.3 Upgrade Experience

I’m writing this post within the new fancy WYSIWYG editor which is nothing more than the same editor with the exception of a new button. The new button shows me quite a few new formatting features but my favorite one is the UNDO button.

So far, my WordPress upgrade experience has been pretty good. I did encounter an upload problem in which a few folders were uploaded into other folders. In other words, some folders were not overwritten like they were supposed to be. I fixed this and re-uploaded the files which allowed the WordPress upgrade script to properly update my database.

I believe there is a bug that was created after my WordPress installation was upgraded. As you can see below, the area of my dashboard which would normally show incoming links to my site from outside sources, is now showing my own blog posts from my front page. I’m pretty sure this is not supposed to happen. This never occurred during any other WP upgrade I have performed. I have since created a forum post about it on the official WP forums to see if it’s a bug or not.

WordPress 2.3 Bug

I knew about the tag importers being added to WordPress 2.3 but for the life of me, I couldn’t figure out where they were. I eventually located them within the MANAGE-IMPORT area of my WordPress admin panel. After clicking on the importer for my Ultimate Tagging Warrior plugin, all of my tags were imported into the native tagging features implemented into WP 2.3. I also experienced numerous "wordpress.wp_post2cat does not exist" errors which were being generated by the UTW plugin, so be sure to disable it once you complete your upgrade.

I want to give a very big thank you to everyone responsible for the automatic update notification feature. This is an invaluable time saver. After my upgrade was complete, I discovered 5 plugins which had an update available for download. The notification window provides a direct link to the plugin on the wordpress.org site where additional information along with the plugin files can be located.

Last but not least, if you are experiencing trouble with WordPress, the best place to find help is the WordPress.org forums. However, before creating a new post, be sure to perform a search to see if your question was already answered. There is nothing more annoying on a forum than seeing 50 different forum threads on the same topic which has already been answered.

You’ve read my experience, now it’s time to share yours by leaving a comment below.