WordPress 3.3.1 XSS Vulnerability Patch and 15 Bugs Fixed

WordPress 3.3.1 has now been released and is ready for download!

On January 3, 2012, the developers of WordPress released version 3.3.1, a security and maintenance release that fixes 15 bugs/issues and also closes the zero-day cross-site scripting vulnerability that was found earlier this week.

According to ethicalhack3r, the cross-site scripting (XSS) vulnerability in version 3.3 could only be reproduced/tested using an IP address (not a domain name) via Internet Explorer.

The XSS vulnerability that affected WordPress version 3.3 has been patched in version 3.3.1.

WordPress 3.3.1 Files Revised:

  • wp-includes/nav-menu-template.php
  • wp-includes/version.php
  • wp-includes/functions.php
  • wp-includes/user.php
  • wp-includes/functions.wp-styles.php
  • wp-includes/capabilities.php
  • wp-includes/script-loader.php
  • wp-includes/class-wp-admin-bar.php
  • readme.html
  • wp-admin/users.php
  • wp-admin/includes/dashboard.php
  • wp-admin/includes/update-core.php
  • wp-admin/includes/template.php
  • wp-admin/includes/ms.php
  • wp-admin/js/common.js
  • wp-admin/js/common.dev.js
  • wp-admin/load-scripts.php
  • wp-admin/press-this.php
  • wp-admin/about.php

A big thank you goes out to the WordPress Team for closing the vulnerability so quickly and addressing the other 15 bugs/issues!

We recommend that you update your WordPress blogs to version 3.3.1 as soon as possible.

 Leave Your Feedback

Have you upgraded to WordPress 3.3.1 yet? Did you notice any issues during your update process? Find any plugin or theme conflicts? Let's help each other out by leaving your comment below.

Securely yours,

Regina Smola

WordPress Security Expert

About Regina Smola

Regina is a sought-after WordPress Security Expert, Speaker, Author and owner of WPSecurityLock.com and WPSecurityClub.com.

She has helped thousands of WordPress users tighten security on their WordPress blogs and written numerous articles, books and action guides on securing self-hosted WordPress websites.

Regina provides WordPress Security Services for clients with both new and existing WordPress websites. She also offers individual consultations and group training on WordPress security.

Comments

  1. Thanks for the heads up on WP3.3.1. Beginning to think that those who wait for the 1st security fix after an upgrade are the smarter ones.

    On a different note, the BP security WP plug-in suggests a number of permission changes for some WP files, do you agree? If not, which ones are you in disagreement with?
