WordPress has detected and fixed a cross-site scripting (XSS) vulnerability. WordPress 3.04 contains the fix that founder Matt Mullenweg calls "critical." Hosted WordPress.com customers don't need to worry, as security updates happen automatically for them.

XSS attacks can be used to steal login information or other sensitive information from visitors to a particular site. According to ReadWriteWeb staff hacker Tyler Gilles, this is similar to the XSS vulnerability that affected Twitter users recently. He notes that WordPress's fix is similar to Twitter's.

The vulnerability was found in KSES, WordPress's HTML sanitization library. WordPress was first notified of the issue by Mauro Gentile and Jon Cave.

The link for this article located at ReadWriteHack is no longer available.