Just a week after they released the WordPress 3.0.2 security update, the WordPress dev team has released another security update early this morning – WordPress 3.0.3. This security update is mandatory for all previous versions of WordPress.
WordPress 3.0.3 fixes issues found in the remote publishing interface that in certain situations could allow Author and Contributor level users to maliciously or improperly edit, publish or delete posts. These issues only affect sites that have remote publishing enabled, so if your blog has remote publishing enabled, it is advised that you upgrade to this security update ASAP.
By default, remote publishing is disabled but could be enabled by using remote publishing clients like the WordPress mobile apps. If you’re not sure whether remote publishing is enabled on your blog, you can check it from your WordPress dashboard and going to Settings > Writing.
WordPress 3.0.3 List of Revised Files
- wp-includes/version.php
- xmlrpc.php
- readme.html
- wp-admin/includes/update-core.php
You can download WordPress 3.0.3 manually from WordPress.org or do it automatically via the WordPress admin panel — Dashboard > Updates.
As a precaution, please make sure that you create a backup of your database, wp-config.php file, wp-content folder and other custom files as well as deactivate all active plugins before you proceed with the upgrade process.
Everyone is strongly advised to immediately upgrade to this security update. Better safe than sorry folks!
