Upgrade To WordPress 2.9.2 Now!

WordPress version 2.9.2 is now available for download. This upgrade fixes a security issue that mainly affects multi-author blogs.

The issue, reported by Thomas Mackenzie, involves the trash feature of WordPress, which was introduced in version 2.9.0. The WordPress trash is like the Recycle Bin in the Windows operating system: all deleted posts and comments go to the trash. You can disable the trash in WordPress, but it is activated by default.

The security issue is that any user can see the trashed posts, regardless of their user level. Even normal subscribers can see the trashed posts, irrespective of who wrote them in the first place.

So, if you allow users to register on your blog as subscribers, or if you run a multi-author blog, then you should definitely consider upgrading to WordPress 2.9.2.

To upgrade to version 2.9.2, either download WordPress and upgrade manually, or go to Tools -> Upgrade in your dashboard to upgrade automatically.
