Friday was the launch date for WordPress 3.3 2, the latest update from the WordPress development team. This update is geared towards addressing vulnerabilities in several areas, including three external libraries and the actual blogging platform, itself.
The update was also used to address several security bugs in the SWFObject and SWFUpload libraries. These were important areas to focus on since the SWFObject library is used for Flash embedding while the SWFUpload library has been previously used for uploading media files.
WordPress is still required to distribute these libraries even though they are no longer in use because they are necessary in order to remain compatible with older themes and plugins.
In this latest WordPress version, the Plupload library has been updated to version 1.5.4. The update was necessary aft
er a recent cross-site request forgery (CSRF) vulnerability was experienced less than a week ago.
Plupload is used to upload media files into WordPress, and is used by default. The main advantage of this particular handling library is that it is a flexible upload. It also allows many different runtimes. Some of the most common are BrowserPlus, Flash, HTML5, Gears and Silverlight.
Over the years, hackers have targeted WordPress via outdated installations. After infiltrating a system, hackers infect websites with malicious codes. An example of this was recently experienced when some 600,000 Mac computers were infected with malware software.