Archive for August, 2007

WP 2.2.2 and Theme Vulnerabilities

Monday, August 6th, 2007

As you may have noticed, the fine folks at WordPress have released WP v2.2.2 into the (deuces) wild. I have taken the unusual step of upgrading RMFO-Blogs users first, rather than RMFO-Pro users. Why? Simply put, RMFO-Blogs has been getting hammered because of some cross-site scripting vulnerabilities in themes. As a result of these vulnerabilities, I made use of the WordPress scanner at BlogSecurity.net to check all activated themes as I did the upgrades. If your theme was vulnerable, I moved you to the WordPress Default theme for the time being.

There is a discussion topic on the Rumor Forum on how to fix your themes. I’m happy to help you do it, but I didn’t have time to do the fixes while trying to secure the server. Having a secure server was far more important to me than having everyone’s theme look pretty today.

2117 CDT: All RMFO-Pro users are now up-to-date.