The 2.8.3 security update for WordPress fixes several privilege escalation vulnerabilities, similar to the problems fixed in a previous update to version 2.8. The developers had overlooked some of the loopholes which 2.8.3 now closes.

The security service provider Core Security had warned of various security problems in WordPress before, after finding errors in processing certain URLs. For example, unprivileged, but registered users, are reportedly able to examine the configuration pages of plug-ins and to change their options.

[All of article]

The link for this article located at H Security is no longer available.