• Skip to primary navigation
  • Skip to main content
  • Skip to footer
WPSecurityLock – Malware removal & WordPress security services

WPSecurityLock – Malware removal & WordPress security services

WordPress security, malware removal, repair, backups, ongoing maintenance, installation, site migration & support services – WP Security Lock.

  • Facebook
  • LinkedIn
  • Twitter
  • Home
  • About
    • About Us
    • Speaker Information
    • Contact Us by Phone, Email or Live Chat
    • Testimonials
  • Security Services
    • Malware / Virus Removal
    • WordPress Security and Installation Services
    • Monthly Security Packages
    • SSL Conversion Service (HTTP to HTTPS)
  • Blog
  • Resources
  • Contact
  • SafeWP

WordPress 3.3.1 XSS Vulnerability Patch and 15 Bugs Fixed

January 4, 2012 By Regina Smola 2 Comments

WordPress 3.3.1 UpdateWordPress 3.3.1 has now been released and is ready for download!

On January 3, 2012, the developers of WordPress released version 3.3.1 (security and maintenance release), which fixes 15 bugs/issues and also closes the zero-day cross-site scripting vulnerability that was found early this week.

The Cross-Site Scripting XSS vulnerability in version 3.3 could only be reproduced/tested using an IP address (not a domain name) via Internet Explorer according to ethicalhack3r.

The XSS vulnerability that affected WordPress version 3.3 has been patched in version 3.3.1.

WordPress 3.3.1 Files Revised:

  • wp-includes/nav-menu-template.php
  • wp-includes/version.php
  • wp-includes/functions.php
  • wp-includes/user.php
  • wp-includes/functions.wp-styles.php
  • wp-includes/capabilities.php
  • wp-includes/script-loader.php
  • wp-includes/class-wp-admin-bar.php
  • readme.html
  • wp-admin/users.php
  • wp-admin/includes/dashboard.php
  • wp-admin/includes/update-core.php
  • wp-admin/includes/template.php
  • wp-admin/includes/ms.php
  • wp-admin/js/common.js
  • wp-admin/js/common.dev.js
  • wp-admin/load-scripts.php
  • wp-admin/press-this.php
  • wp-admin/about.php

A big thank you goes out to the WordPress Team for closing the vulnerability so quickly and addressing the other 15 bugs/issues!

We recommend that you update your WordPress blogs to version 3.3.1 as soon as possible.

WordPress 3.3.1 Resources:

  • WordPress.org 3.3.1 Announcement Post
  • WordPress Version 3.3.1 Codex
  • WordPress 3.3.1 full log of changes
  • Troubleshooting WordPress 3.3 – Master List
  • Download WordPress 3.3.1
  • Updating WordPress Extended
  • WordPress Release Notification Email List (fill out your email on the right)

 Leave Your Feedback

Have you upgraded to WordPress 3.31 yet? Did you notice any issues during your update process? Find any plugin or theme conflicts? Let's help each other out by leaving your comment below.

Securely yours,

Regina Smola

Regina Smola
WordPress Security Expert
Follow me on Twitter
Follow WPSecurityLock on Twitter
Become a Facebook Fan

Filed Under: WordPress Security Tips Tagged With: update wordpress, wordpress 3.3.1, wordpress upgrade

Reader Interactions

Comments

  1. Robert Nelson says

    January 4, 2012 at 8:55 pm

    Thanks for the heads up on WP3.3.1. Beginning to think that those who wait for the 1st security fix after a upgrade are the smarter ones.

    On a different note, the BP security WP plug-in suggests a number of permission changes for some WP files, do you agree? If not which ones are you in disagreement?

    Reply
    • Regina Smola says

      January 7, 2012 at 2:11 pm

      Thanks for your comment Robert.

      I agree with the permissions with BPS if the hosting server will allow them.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Let’s work together:

Get in touch with us and send some basic info about your project. Don't be shy, we can help with just about anything.

Contact Us!

Footer

  • Facebook
  • LinkedIn
  • Twitter

Contact

Call 815-600-7270
Contact
Mo,Tu,We,Th,Fr 9:00 am – 5:00 pm

Get WordPress Help Now

Chat With Us!
Submit A Support Ticket

Copyright © 2025 | WP Security Lock, Inc