The folks at WordPress have announced today that a critical core security bug affects all installs at version 3.0.3 and below. The bug is an XSS flaw in the HTML sanitation library known as KSES. The fix ships in WordPress 3.0.4, and the WordPress team has labeled the update as critical.
Sophos’ Naked Security blog said that the bug is “… quite trivial for folks with malicious intent to exploit”, adding: “The flaws exist in parts of the code which are case-sensitive when detecting which protocols are allowed in certain parts of the application. The update prohibits evading the rules with mixed case input.”
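To make the mixed-case point concrete, here is an added illustration (my own Python, not WordPress or KSES code) of a link sanitizer whose scheme detection is case-sensitive, beside the same check done case-insensitively. The allow-list, the function names and the shape of the check are assumptions for the example; the only thing taken from the post is the mechanism: a detector that only recognises lowercase schemes never sees `JaVaScRiPt:` as a scheme at all, so the value slips past the allow-list, while browsers treat scheme names case-insensitively and run it anyway.

```python
import re

# Constructed allow-list of URL schemes for the example (not the WordPress list).
ALLOWED_PROTOCOLS = frozenset({"http", "https", "ftp", "mailto"})

# Vulnerable detector (assumed shape): only lowercase letters count as a scheme,
# so "JaVaScRiPt:" is not recognised as a scheme and never reaches the allow-list.
_SCHEME_CASE_SENSITIVE = re.compile(r"^([a-z][a-z0-9+.-]*):")

# Fixed detector: match the scheme case-insensitively, then normalise before comparing.
_SCHEME_CASE_INSENSITIVE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.IGNORECASE)


def _filter_href(url: str, scheme_re: "re.Pattern[str]") -> str:
    """Return url unchanged if it is relative or uses an allowed scheme, else ''."""
    m = scheme_re.match(url.strip())
    if m is None:
        return url  # no scheme detected: treated as a relative URL and passed through
    if m.group(1).lower() in ALLOWED_PROTOCOLS:
        return url
    return ""  # disallowed scheme: drop the attribute value


def sanitize_href_vulnerable(url: str) -> str:
    """Case-sensitive detection: bypassable with mixed-case scheme names."""
    return _filter_href(url, _SCHEME_CASE_SENSITIVE)


def sanitize_href_fixed(url: str) -> str:
    """Case-insensitive detection: mixed-case scheme names are vetted like any other."""
    return _filter_href(url, _SCHEME_CASE_INSENSITIVE)


def bypass_demo() -> list:
    """Run constructed sample hrefs through both filters; returns (input, vuln, fixed)."""
    samples = [
        "javascript:alert(1)",      # lowercase: both filters reject it
        "JaVaScRiPt:alert(1)",      # mixed case: vulnerable filter lets it through
        "HTTPS://example.com/",     # mixed case but allowed scheme: fixed filter keeps it
        "/wp-content/uploads/x.png", # relative URL: no scheme to vet
    ]
    return [(s, sanitize_href_vulnerable(s), sanitize_href_fixed(s)) for s in samples]


if __name__ == "__main__":
    for raw, vuln, fixed in bypass_demo():
        print(f"{raw!r:32} vulnerable -> {vuln!r:28} fixed -> {fixed!r}")
```

The example covers only the case-folding issue the post describes. A real sanitizer also has to cope with leading or embedded whitespace and control characters and with entity-encoded colons, since browsers normalise those before deciding which scheme a URL uses; any check that does not normalise the same way is open to the same kind of mismatch.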
I’ve already updated Newb Wired and suggest that you do the same.