WordPress 3.0.2 – Mandatory Security Release (Update Now)

WordPress 3.0.2 was released today as a mandatory security update for all previous WordPress versions. This maintenance release fixes a moderate security issue where a malicious Author-level user could gain further access to the site. It also addresses a handful of bugs and provides some additional security enhancements. Big thanks to Vladimir Kolesnikov for detailed and responsible disclosure of the security issue!

We advise that you update immediately, even if you do not have untrusted users. (Use our ultimate guide to Upgrade WordPress to make sure you do everything right.)

Full list of updates made in this version:

  • Fix moderate security issue where a malicious Author-level user could gain further access to the site.
  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging.
  • Fix occasional irrelevant error messages on plugin activation.
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
  • Clarify the license in the readme.
  • Multisite: Fix the delete_user meta capability.
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.

What are you waiting for? Upgrade NOW!!!

Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi with over 16 years of experience in WordPress, Web Hosting, eCommerce, SEO, and Marketing. Started in 2009, WPBeginner is now the largest free WordPress resource site in the industry and is often referred to as the Wikipedia for WordPress.

4 Comments

  1. Syed Balkhi

    Hey WPBeginner readers,
    Did you know you can win exciting prizes by commenting on WPBeginner?
    Every month, our top blog commenters will win HUGE rewards, including premium WordPress plugin licenses and cash prizes.
    You can get more details about the contest from here.
    Start sharing your thoughts below to stand a chance to win!

  2. Dean Saliba

    Has anyone else experienced this?

    I installed this update on three test blogs and when the upgrade was complete I was unable to access the main page, the admin page or even the FTP.

    I contacted my host’s support and they said those three blogs had somehow had their permissions changed. Didn’t happen to any of my others that did not receive the upgrade. :/

  3. camu

    (Self promotion) You should switch to my plugin to manage your commenters’ subscriptions :-)

  4. camu

    Hi there, does the nightly-build of WP 3.1 already include the fix?
