Lester Chan's WordPress Plugins – Page 22 – Lester Chan's WordPress Plugins Development Blog

WordPress 2.8.6

WordPress 2.8.6 has been released. This is a security release.

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Changelog: WordPress 2.8.6
Download: WordPress 2.8.6
Download: Modified files since WordPress 2.8.5

(164 votes, average: 3.90 out of 5)

WordPress 3.1 Beta 2

WordPress 3.1 Beta 2 is now available!

Check out the list of known issues or if you want to switch your blog over to the beta, try the WordPress Beta Tester Plugin.

Download: WordPress 3.1 Beta 2

(144 votes, average: 3.90 out of 5)

WordPress 3.4 Beta 1

WordPress 3.4 Beta 1 has been released! The final version is expected to ship sometime next month (May 2012).

What’s New

Theme Customizer with Previewer
Flexible Custom Header Sizes
Selecting Custom Header and Background Images from Media Library
Better experience searching for and choosing a theme

Under-the-hood Changes

New XML-RPC API for external and mobile applications
New API for registering theme support for custom headers and backgrounds
Performance improvements to WP_Query by splitting the query (Please test!)
Internationalization improvements (improved performance and locale support)
Performance and API improvements when working with lists of installed themes
Support for installing child themes from the WordPress Themes Directory

Download: WordPress 3.4 Beta 1

(129 votes, average: 3.90 out of 5)

WP-Polls 2.61

I have released WP-Polls 2.61 which fixes a code injection via “HTTP Referrer” and affects users who are on WP-Polls 2.60 only.

I also took this chance to port the readme.html to the proper readme.txt which WordPress.org is using and now you can see all the details of WP-Polls right from the plugins page itself regardless if it is from your WP-Admin or WordPress.org.

All users should upgrade now

Vulnerability discovered by + Props to:

Dweeks, Leon Juranic and Chad Lavoie of the Swiftwill Security Team (www.swiftwill.com)

Download: WP-Polls 2.61

(98 votes, average: 3.90 out of 5)

WordPress 2.3.1

WordPress 2.3.1 has been released and this fix is a bug-fix and security release for the 2.3 series.

An XSS issue has been fixed here:

A security fix to ensure that edit-post-rows.php cannot be directly loaded to prevent XSS attacks when register_globals is enabled

Get yours today.

(94 votes, average: 3.90 out of 5)