WordPress has released a security update for it’s most popular blogging platform WordPress 3.1.2. This security updates fixes vulnerability that allowed Contributor-level users to improperly publish posts. This vulnerability was a privately reported and was detected by in-house security team, so this exploit was not available online. Some more issues are also fixed in this update.
Problems fixed in WordPress 3.1.2
- Fix a vulnerability that allowed Contributor-level users to improperly publish posts. (r17710)
- Fix user queries ordered by post count. (#17123)
- Fix multiple tag queries. (#17054)
- Prevent over-escaping of post titles when using Quick Edit for pages. (#17218)
This is a mandatory update, WordPress administrators can update their blogs automatically within the admin dashboard or can manually download the version and run the update script. I have updated few of my blogs without any problem.
You can check the release note at official WordPress page
Direct download WordPress 3.1.2
List of Files Changed
wp-includes/post-template.php wp-includes/version.php wp-includes/user.php wp-includes/query.php readme.html wp-admin/includes/class-wp-posts-list-table.php wp-admin/includes/update-core.php wp-admin/press-this.php