The WordPress dev team has released the WordPress 3.0.4 security update to fix a core security bug in the HTML sanitation library. This particular version or release is classified as “critical” so all self-hosted WordPress users are advised to update/upgrade their WordPress installation ASAP!
Here’s an excerpt of the official announcement from the WordPress blog:
Version 3.0.4 of WordPress, available immediately through the update page in your dashboard or for download here, is a very important update to apply to your sites as soon as possible because it fixes a core security bug in our HTML sanitation library, called KSES. I would rate this release as “critical.”
Special thanks and mention goes to Mauro Gentile and Jon Cave, the people who discovered and alerted the WordPress team about the vulnerabilities. Aside from the large number of available free themes and plugins, another thing that makes WordPress awesome is the involvement and support of its community.
Something related to WordPress 3.0.4, I came across Lorelle’s post and it mentions about Dreamhost users who haven’t upgraded to version 3.0.4 had issues logging into their dashboards and found out that some codes have been inserted into a large number of WordPress files.
If you haven’t upgraded your WordPress installation to WordPress 3.0.4, please spare a few minutes of your time to do so. Better safe than sorry folks!
You can download WordPress 3.0.4 manually from WordPress.org or do it automatically via the WordPress admin panel — Dashboard > Updates.