A new version of WordPress, the popular open-source blog and content management system, has been released to address three security issues. Few details have been provided; however, the issues fixed are a cross-site request forgery (CSRF) vulnerability, a denial of service (DoS) issue and a cross-site scripting (XSS) vulnerability. It is not clear which prior versions of WordPress are vulnerable, so we urge all WordPress administrators, particularly those whose installations are public facing, to update to the latest fixed version, 3.1.1.
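As an added illustration (not part of the original advisory, and not WordPress project code), the following Python check reads the version string from wp-includes/version.php, or from the generator meta tag a default WordPress install emits in its pages, and flags anything below 3.1.1. Because the advisory does not say which prior versions are affected, the check treats every earlier release, including pre-releases of 3.1.1 itself, as needing the update. The version.php contents and HTML page used here are constructed samples.

```python
import re

# Fixed version named in the advisory. Anything earlier is treated as vulnerable
# because the advisory does not state which prior versions are affected.
FIXED_VERSION = "3.1.1"

# $wp_version assignment as it appears in wp-includes/version.php.
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

# Generator meta tag emitted by a default WordPress install, e.g.
# <meta name="generator" content="WordPress 3.0.5" />
_GENERATOR_RE = re.compile(
    r"""<meta\s+name=["']generator["']\s+content=["']WordPress\s*([^"' ]+)""",
    re.IGNORECASE,
)


def parse_version(text):
    """Turn '3.1', '3.0.5' or '3.1.1-RC1' into a comparable tuple.

    Missing components count as 0, so '3.1' is (3, 1, 0). A pre-release suffix
    (alpha/beta/RC) sorts before the final release of the same number: finals
    get a trailing (1, ''), pre-releases a trailing (0, suffix).
    """
    m = re.match(r"(\d+(?:\.\d+)*)(?:-([A-Za-z]+\d*))?$", text.strip())
    if not m:
        raise ValueError("unrecognised WordPress version string: %r" % text)
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) < 3:
        nums.append(0)
    suffix = m.group(2)
    tail = (0, suffix.lower()) if suffix else (1, "")
    return tuple(nums[:3]) + tail


def version_from_version_php(source):
    """Extract $wp_version from the contents of wp-includes/version.php."""
    m = _VERSION_RE.search(source)
    if not m:
        raise ValueError("no $wp_version assignment found")
    return m.group(1)


def version_from_html(html):
    """Extract the version from the generator meta tag of a rendered page.

    Returns None when the tag is absent, e.g. stripped by a theme or plugin;
    absence is not evidence that the install is up to date.
    """
    m = _GENERATOR_RE.search(html)
    return m.group(1) if m else None


def needs_update(version, fixed=FIXED_VERSION):
    """True if `version` is older than the fixed release."""
    return parse_version(version) < parse_version(fixed)


# Constructed sample of wp-includes/version.php (not a real file from any install).
SAMPLE_VERSION_PHP = """<?php
/**
 * The WordPress version string (constructed sample)
 */
$wp_version = '3.0.5';
$wp_db_version = 16268;
"""

# Constructed sample of a public page served by an already-updated install.
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 3.1.1" />
</head><body></body></html>"""


def audit(version_php_source, html):
    """Report what each source says and whether an update is required."""
    report = {}
    local = version_from_version_php(version_php_source)
    report["version.php"] = (local, needs_update(local))
    remote = version_from_html(html)
    report["generator"] = (remote, needs_update(remote) if remote else None)
    return report


if __name__ == "__main__":
    for source, (ver, outdated) in audit(SAMPLE_VERSION_PHP, SAMPLE_HTML).items():
        state = "UPDATE REQUIRED" if outdated else ("ok" if outdated is False else "unknown")
        print("%-12s %-8s %s" % (source, ver, state))
```

On a live host, feed `open('wp-includes/version.php').read()` to `version_from_version_php`; the file check is the authoritative one, since the generator tag can be removed or spoofed while the code stays vulnerable.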
As WordPress is a web application, it seems timely to note that the IBM X-Force 2010 Trend and Risk Report contains insightful information on web application vulnerabilities. Of particular relevance, Section III, Developing Secure Software, lists the likelihood of CSRF and XSS vulnerabilities by application technology and business sector. Additionally, Section I contains information on XSS trends observed through 2010.