Critical WordPress Security Defect Found and Fixed in 2.0.7

August 7th, 2008 WordPress wins the dubious distinction of Mass 0wnage Pwnie Award for an unbelievable number of WordPress vulnerabilities, over 140 as of today. It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins.

March 10th, 2006 WordPress released yet another security release 2.0.2 fixing (yet again) unannounced XSS security bugs. I have not upgraded any of my blogs to 2.x release.

July 8th, 2005 After recent reports of several critical security vulnerabilities of PHP based software. I decided to take a closer look at the current state of security with PHP based products.

June 1st, 2006 The new features / fixes are: Small performance enhancements Movable Type / Typepad importer fix Enclosure (podcasting) fix Bugtraq reported issue & backporting of security enhancements from 2.1 (nonces) Misc. fixes etc....

November 11th, 2008 WordPress 2.7 (read detailed review) beta 2 fixes some crucial and long standing bugs in WordPress, so much so that it is worth looking into adopting it without waiting for the final release. The key fixes in WordPress 2.7 Beta 2: Javascript in admin panel was broken when a blog had no comments, causing several of the UI elements to freeze.

May 14th, 2007 WordPress 2.2 is about to be released. Currently the release candidate 2 has the following features: PHP 5.2.2 fixes: WP importer now works in PHP 5.2.2 Workaround for PHP 5.2.2 bug that breaks XMLRPC Fixed fatal error in cache.php by flushing output buffers during shutdown.

May 12th, 2005 A discussion on the update and how to install it.

March 27th, 2008 WordPress Trac says: Milestone 2.5 Due in 22 years (04/01/30). Read on for more details.

January 30th, 2008 Type the following as a WordPress comment and see the fun: <a href="http://www.google.com/" rel="nofollow">This is www.yahoo.com link</a> This should ideally cause the whole phrase (This is www.yahoo.com link) to be hyperlinked and pointing to google.com. Unfortunately WordPress sees it as two links and a plain word: "This is" is hyperlinked to www.google.com "www.yahoo.com" is hyperlinked to www.yahoo.com "link" is not hyperlinked at all Did you read about the other hyperlinking defect?

July 31st, 2006 WordPress 2.0.4 is available for download. This release contains several important security fixes, so it’s recommended upgrade for all users.

September 20th, 2006 We have just released version 3.1 of popular Translator Plugin Pro for WordPress blogs with better performance and bug fixes. This new version will be shipped to all of our new and existing customer within 24 hours (lifetime free upgrade).

August 24th, 2005 After briefly scanning the eleven defects fixed in 1.5.2 (an interim release before WordPress 1.6) I identified the changed files. They are: xmlrpc.php comment-functions.php wp-admin/post.php pluggable-functions.php registration-functions.php wp-admin/categories.php wp-commentsrss2.php wp-includes/template-functions-category.php edit-page-form.php I am shortly planning to provide a patch update from 1.5.1.3 to 1.5.2.

July 30th, 2007 An Ext JS, a beautiful Javascript Library, ComboBox on a Toolbar fails to display when the browser window is resized or there is another div with 100% width. The problem is most likely related to resizing of the Toolbar which causes the ComboBox to stop displaying.

March 17th, 2005 What happened After my WordPress 1.5 upgrade and enabling of an option to reject comments from open proxy, no comments (over 100) were appearing on my blogs. Moreover they were silently discarded.

April 13th, 2006 This is primarily a security fix release patching 5 critical defects and one high priority defect. Couple of them are regression defects (introduced in 1.5).