December 11, 2016
WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site. Thanks K. Gudinavicius of SEC Consult for bringing this to our attention. Version 3.1.4 also incorporates several other security fixes and more »
Read the full article →
December 10, 2016
Various security hardening by Alexander Concha. Taxonomy query hardening by John Lamansky. Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros. Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research. Improves file upload security on hosts with dangerous security settings. Cleans up old more »
Read the full article →