A security update to WordPress 3.1 has been released to address a vulnerability that allowed Contributor-level users to improperly publish posts. The problem lies in the “Press This” bookmarklet, which did not validate the rights of the user submitting the post. The problem was found by WordPress’ Andrew Nacin working with Benjamin Balter. WordPress recommends an immediate update to 3.1.2, especially if you allow users to register as contributors or if you have untrusted users.
This release also fixes a few bugs that didn’t make it into 3.1.1:
- Fix a vulnerability that allowed Contributor-level users to improperly publish posts. (r17710)
- Fix user queries ordered by post count. (#17123)
- Fix multiple tag queries. (#17054)
- Prevent over-escaping of post titles when using Quick Edit for pages. (#17218)
You can download 3.1.2 from here or update automatically from the Dashboard → Updates menu in your site’s admin area.
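To show the class of defect the advisory describes, here is an added, illustrative pair of post-submission handlers (editor's example, not WordPress's actual Press This code or the r17710 patch): one trusts the post status sent by the client, the other derives it from the user's capabilities. It assumes the WordPress API is loaded and that the nonce action name `press-this` is a placeholder.

```php
<?php
// Illustrative example, not WordPress's own Press This code.
// Assumes the WordPress API (current_user_can, wp_insert_post, check_admin_referer,
// wp_die, sanitize_text_field, wp_kses_post) is loaded, e.g. via wp-load.php.

// Weak form: whatever post_status the client submits is written to the database.
// A Contributor can submit post_status=publish and skip editorial review.
function weak_press_this_submit( array $request ) {
    return wp_insert_post( array(
        'post_title'   => sanitize_text_field( $request['title'] ),
        'post_content' => wp_kses_post( $request['content'] ),
        'post_status'  => $request['post_status'], // trusted as-is: the bug
    ) );
}

// Hardened form: the server decides the status from the user's capabilities,
// never from the request.
function hardened_press_this_submit( array $request ) {
    // Reject submissions that do not carry a valid nonce for this form.
    check_admin_referer( 'press-this' ); // nonce action name is an assumption

    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'You are not allowed to create posts.' );
    }

    // Only users with publish_posts (Author and above in the default roles)
    // may publish; anyone else's submission is held for review.
    $status = isset( $request['post_status'] ) ? $request['post_status'] : 'draft';
    if ( 'publish' === $status && ! current_user_can( 'publish_posts' ) ) {
        $status = 'pending';
    }
    // Restrict to the statuses this handler is meant to produce.
    if ( ! in_array( $status, array( 'draft', 'pending', 'publish' ), true ) ) {
        $status = 'draft';
    }

    return wp_insert_post( array(
        'post_title'   => sanitize_text_field( $request['title'] ),
        'post_content' => wp_kses_post( $request['content'] ),
        'post_status'  => $status,
    ), true ); // return a WP_Error on failure rather than 0
}
```

The check that matters is the one on `publish_posts`: a capability test on the server at the moment the status is decided, independent of what the bookmarklet's form sends.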