WordPress has released a mandatory security update with the wordpress version 3.0.2. It involves resolving some of the bugs and security holes in wordpress.
From WordPress Blog
This maintenance release fixes a moderate security issue that could allow a malicious Author-level user to gain further access to the site, addresses a handful of bugs, and provides some additional security enhancements.
Below are some of the fixes/changes applied to this release; for a complete list click here.
- Fix moderate security issue where a malicious Author-level user could gain further access to the site.
- Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
- Fix canonical redirection for permalinks containing %category% with nested categories and paging.
- Fix occasional irrelevant error messages on plugin activation.
- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
Download 3.0.2 or update automatically from the Dashboard menu in your site’s admin area.
It is highly encouraged that you update your wordpress installation as soon as possible to this release. You should update immediately even if you are certain that you do not have untrusted users.
Just hope all wordpress plugin developer can catch up with wordpress updates. Some of the plugins don’t works with new wordpress updates.