I just upgrade today, WordPress 2.3.2, fixed a nasty vulnerability. I haven’t did any test yet but according to “blackhat domainer” you can view WordPress Draft Entry via simple URL parameters without log in (un-authorize view).

WordPress developer had to release this ’securities’ fixes before the upcoming 2.4. You could either wait for 2.4 (the milestone is almost ready?) or upgrade immediately. But before others exploit this vulnerability its better to upgrade.

Peter Westwood’s sum up all wordpress 2.3.2 recent change and update in details. Read it first before you decide to upgrade.

External Links

• How to know today what ShoeMoney is going to post tomorrow
• Wordpress 2.3.2 Announcements (dev blog)