WordPress 3.3.1 has now been released and is ready for download!
On January 3, 2012, the developers of WordPress released version 3.3.1 (a security and maintenance release), which fixes 15 bugs/issues and also closes the zero-day cross-site scripting vulnerability that was found earlier this week.
According to ethicalhack3r, the cross-site scripting (XSS) vulnerability in version 3.3 could only be reproduced/tested using an IP address (not a domain name) via Internet Explorer.
The XSS vulnerability that affected WordPress version 3.3 has been patched in version 3.3.1.
WordPress 3.3.1 Files Revised:
- wp-includes/nav-menu-template.php
- wp-includes/version.php
- wp-includes/functions.php
- wp-includes/user.php
- wp-includes/functions.wp-styles.php
- wp-includes/capabilities.php
- wp-includes/script-loader.php
- wp-includes/class-wp-admin-bar.php
- readme.html
- wp-admin/users.php
- wp-admin/includes/dashboard.php
- wp-admin/includes/update-core.php
- wp-admin/includes/template.php
- wp-admin/includes/ms.php
- wp-admin/js/common.js
- wp-admin/js/common.dev.js
- wp-admin/load-scripts.php
- wp-admin/press-this.php
- wp-admin/about.php
A big thank you goes out to the WordPress Team for closing the vulnerability so quickly and addressing the other 15 bugs/issues!
We recommend that you update your WordPress blogs to version 3.3.1 as soon as possible.
WordPress 3.3.1 Resources:
- WordPress.org 3.3.1 Announcement Post
- WordPress Version 3.3.1 Codex
- WordPress 3.3.1 full log of changes
- Troubleshooting WordPress 3.3 – Master List
- Download WordPress 3.3.1
- Updating WordPress Extended
- WordPress Release Notification Email List (fill out your email on the right)
Leave Your Feedback
Have you upgraded to WordPress 3.3.1 yet? Did you notice any issues during your update process? Find any plugin or theme conflicts? Let's help each other out by leaving your comment below.
Securely yours,
Regina Smola
WordPress Security Expert
Robert Nelson says
Thanks for the heads up on WP3.3.1. Beginning to think that those who wait for the 1st security fix after an upgrade are the smarter ones.
On a different note, the BP security WP plug-in suggests a number of permission changes for some WP files. Do you agree? If not, which ones are you in disagreement with?
Regina Smola says
Thanks for your comment, Robert.
I agree with the permissions with BPS if the hosting server will allow them.