Assalamualaikum dan selamat malam,

ini sekadar artikel ringkas nak ingatkan kepada rakan-rakan yang masih belum mengemaskini versi WordPress masing-masing. Versi 3.3.2 ini membawakan kemaskini keselamatan yang penting antaranya,

Three external libraries included in WordPress received security updates:

• Plupload (version 1.5.4), which WordPress uses for uploading media.
• SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
• SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

WordPress 3.3.2 also addresses:

• Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances.
• Cross-site scripting vulnerability when making URLs clickable.
• Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs.

Baca butiran lanjut di sini
 

Assalamualaikum dan selamat pagi semua,

pagi tadi WordPress telah mengeluarkan versi terbaru iaitu versi 3.0.2 yang menumpukan kepada beberapa masalah sekuriti yang penting. Sekiranya anda belum mengemaskini WordPress anda, silalah berbuka demikian dengan menggunakan fungsi automatic update ataupun anda boleh memuat turunnya di laman WordPress Download

Sedikit petikan dari laman blog WordPress

This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements. Big thanks to Vladimir Kolesnikovfor detailed and responsible disclosure of the security issue!

Selamat mengemaskini semua.