If you run a blog with WordPress, you may want to take the time to update it to the latest version. 3.0.2 was released to fix a bug where an Author level user could gain admin access. They recommend you run the update immediately.
Other problems the update fixes:
- Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
- Fix canonical redirection for permalinks containing %category% with nested categories and paging.
- Fix occasional irrelevant error messages on plugin activation.
- Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
- Clarify the license in the readme
- Multisite: Fix the delete_user meta capability
- Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins
- Multisite: Fix ms-files.php content type headers when requesting a URL with a query string
- Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs
As a person who once slacked on running one of these updates and paid for it when somebody hacked my site and deleted every post on it, I can’t stress how important it is to keep your WordPress version updated. Don’t bother testing. Update it now!
