WordPress 3.3.1 has now been released and is ready for download!

On January 3, 2012, the developers of WordPress released version 3.3.1 (security and maintenance release), which fixes 15 bugs/issues and also closes the zero-day cross-site scripting vulnerability that was found early this week.

The Cross-Site Scripting XSS vulnerability in version 3.3 could only be reproduced/tested using an IP address (not a domain name) via Internet Explorer according to ethicalhack3r.

The XSS vulnerability that affected WordPress version 3.3 has been patched in version 3.3.1.

WordPress 3.3.1 Files Revised:

• wp-includes/nav-menu-template.php
• wp-includes/version.php
• wp-includes/functions.php
• wp-includes/user.php
• wp-includes/functions.wp-styles.php
• wp-includes/capabilities.php
• wp-includes/script-loader.php
• wp-includes/class-wp-admin-bar.php
• readme.html
• wp-admin/users.php
• wp-admin/includes/dashboard.php
• wp-admin/includes/update-core.php
• wp-admin/includes/template.php
• wp-admin/includes/ms.php
• wp-admin/js/common.js
• wp-admin/js/common.dev.js
• wp-admin/load-scripts.php
• wp-admin/press-this.php
• wp-admin/about.php

A big thank you goes out to the WordPress Team for closing the vulnerability so quickly and addressing the other 15 bugs/issues!

We recommend that you update your WordPress blogs to version 3.3.1 as soon as possible.

WordPress 3.3.1 Resources:

• WordPress.org 3.3.1 Announcement Post
• WordPress Version 3.3.1 Codex
• WordPress 3.3.1 full log of changes
• Troubleshooting WordPress 3.3 – Master List
• Download WordPress 3.3.1
• Updating WordPress Extended
• WordPress Release Notification Email List (fill out your email on the right)

 Leave Your Feedback

Have you upgraded to WordPress 3.31 yet? Did you notice any issues during your update process? Find any plugin or theme conflicts? Let's help each other out by leaving your comment below.

Securely yours,

Regina Smola
WordPress Security Expert
Follow me on Twitter
Follow WPSecurityLock on Twitter
Become a Facebook Fan