WordPress 2.9.2 Released – Security Fix

WordPress 2.9.2 was released just a few minutes ago to address a security problem dealing with the Trash feature.

When WordPress implemented the new feature they failed to change the permissions granted when the post is in the trash. This means that an unauthenticated user cannot see the post, however an authenticated user can no matter what privileges they have, even ’subscriber’.

There are probably a few other bug fixes in this version but they were not part of the release announcement. If your site only has one author and no registered users, this upgrade is not critical.

Who is Jeff Chandler

Jeff Chandler is a WordPress guy in the buckeye state. Contributing writer for WPTavern. Have been writing about WordPress since 2007. Host of the WordPress Weekly Podcast.

There are 4 comments

Comments are closed.