Just recently, the WordPress development team released the latest and greatest version of the web platform – WordPress 3.3.2. It is always important to update your WordPress installation to the latest version, as each release fixes bugs and security issues reported in previous versions.
This WordPress update fixes numerous security flaws including two big ones:
- Cross-site request forgery (CSRF) in Plupload, which allows an attacker to exploit a trusted user’s credentials for ill-gotten gains.
- Cross-site scripting (XSS), which allows an attacker to use the web system to glean sensitive information such as login credentials and browser cookies from unsuspecting users.
In the end, you cannot let your guard down. Just because you’re running the latest version of WordPress (or any web platform for that matter) doesn’t mean you’re in the clear. Security researchers and criminal hackers are no doubt busy trying to break version 3.3.2 of WordPress. It’s up to you to ensure additional website security controls are in place to minimize your risks.