WordPress Security Updates: WordPress 3.4.2 Released 9-6-2012

The makers of WordPress today released version 3.4.2, which addresses some security vulnerabilities.

  • Fix unfiltered HTML capabilities in multisite.
  • Fix possible privilege escalation in the Atom Publishing Protocol endpoint.
  • Allow operations on network plugins only through the network admin.
  • Hardening: Simplify error messages when uploads fail.
  • Hardening: Validate a parameter passed to wp_get_object_terms().

From WordPress.org

WordPress Security VulnerabilityIn addition, this release addresses some issues with theme previews, older browser dashboard speed, image captions, and more.

Given that this is a security update, it’s critical that you update all your self-hosted WordPress sites as soon as possible. I updated this site along with several other blogs I own, and have not experienced any difficulties.

Before updating your site, make sure you make a complete backup first.

Once your site is backed up, simply log into your dashboard and look for the notification near the top of the page:

And click the “Please update now” link, then follow the instructions.

Important note: If your site is currently running WordPress 3.1 or earlier, it is not safe to use the automatic update feature. Instead, you will need to upgrade incrementally using the instructions here.

Once you’ve updated, stop by the members group¬†and let us know if you had any trouble, and if any of your plugins experienced a conflict.



Speak Your Mind

WordPress® and its related trademarks are registered trademarks of Automattic, Inc. This site is not affiliated
with or sponsored by Automattic, Inc., the WordPress Foundation or the WordPress® Open Source project.