The WordPress developers have detected a major security flaw in the latest release of WordPress 3.0.3. There is a critical vulnerability with cross-site scripting (XSS). WordPress 3.0.4 contains this major fix that founder Matt Mullenweg call their most critical update. Hosted WordPress.com users do not have to fret, the security update happens automatically for them.
Cross-site scripting (XSS) can be used to steal login information or other private information from visitors of a vulnerable site. From the information gathered, this XSS vulnerability is the same type of attack that has affected Twitter users recently. This fix is very similar to Twitter’s update.
Although this security flaw was quickly fixed Matt Mullenweg wants security researchers to review the latest changeset to detect any more minor flaws WordPress seems to have.
For developers all over the internet wanting to prevent any type of a XSS vulnerability, check out the XSS (Cross Site Scripting) Prevention Cheat Sheet. According to The Open Web Application Security Project (OWASP) XSS is the second most common security vulnerability on the web. So watch out and be safe on the web.