WordPress Announcements News and Information

WordPress 3.3.2 Update Released

WordPress 3.3.2 is now available for download. This is a maintenance and security update addressing a number of vulnerabilities found in previous releases.

Three external libraries included in WordPress have received security updates: Plupload, SWFUpload and SWFObject.

Plupload (version 1.5.4), which WordPress uses for uploading media.
SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes.

WordPress 3.3.2 also addresses:

Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances, disclosed by Jon Cave of our WordPress core security team, and Adam Backstrom.
Cross-site scripting vulnerability when making URLs clickable, by Jon Cave.
Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs. Thanks to Mauro Gentile for responsibly disclosing these issues to the security team.
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2.

Download at: http://wordpress.org/download/

List of Files Revised
wp-comments-post.php
wp-includes/version.php
wp-includes/js/swfobject.js
wp-includes/js/plupload/plupload.html4.js
wp-includes/js/plupload/plupload.silverlight.xap
wp-includes/js/plupload/plupload.html5.js
wp-includes/js/plupload/changelog.txt
wp-includes/js/plupload/plupload.silverlight.js
wp-includes/js/plupload/plupload.flash.js
wp-includes/js/plupload/handlers.dev.js
wp-includes/js/plupload/plupload.flash.swf
wp-includes/js/plupload/plupload.js
wp-includes/js/swfupload/swfupload.swf
wp-includes/wp-db.php
wp-includes/formatting.php
wp-includes/capabilities.php
wp-includes/kses.php
wp-includes/script-loader.php
wp-includes/ms-functions.php
readme.html
wp-admin/about.php
wp-admin/includes/update-core.php
wp-admin/plugins.php
wp-admin/press-this.php
wp-admin/setup-config.php
