Tags: php mysql wordpress blog webcms blogging www end-users
4.2.1 (29 Apr 2015 23:45) security: Fix for XSS exploit within comment approval interface.
4.0.1 (21 Nov 2014 08:45) security: WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. Version 4.0.0 was unaffected, but fixes 8 other security woes still: Three cross-site scripting issues that a contributor or author could use to compromise a site. A cross-site request forgery that could be used to trick a user into changing their password. An issue that could lead to a denial of service when passwords are checked. Additional protections for server-side request forgery attacks when WordPress makes HTTP requests. An extremely unlikely hash collision could allow a user's account to be compromised, that also required that they haven't logged in since 2008 (I wish I were kidding). WordPress now invalidates the links in a password reset email if the user remembers their password, logs in, and changes their email address. Version 4.0.1 also fixes 23 bugs with 4.0, and we've made two hardening changes, including better validation of EXIF data we are extracting from uploaded photos.
4.0 (06 Sep 2014 08:36) major feature: Version 4.0 of WordPress, named Benny in honor of jazz clarinetist and bandleader Benny Goodman, adds many new features and bugfixes. New style for the media upload manager. A default YouTube URL embedding scheme has been introduced. The WYSIWYG editor now automatically expands to the current text length. Plugin management and downloads have been extended with new filtering / search functions and a nicer browser.