On December 29, 2010, WordPress 3.0.4 was released to the public. This is a critical security update for all previous WordPress versions.
For version 3.0.4, the database version (db_version in wp_options) remained at 15477.
Installation/Update Information
To download WordPress 3.0.4, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
- Fix XSS vulnerabilities in the KSES library: Don’t be case sensitive to attribute names. Handle padded entities when checking for bad protocols. Normalize entities before checking for bad protocols in esc_url(). (r17172)
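The three fixes listed above, shown as a small standalone PHP sketch. This is an added example, not code from WordPress's kses.php or formatting.php; every function and constant name is hypothetical, it handles numeric entities only, and the sample URLs are constructed.

```php
<?php
// Added illustration; not code from WordPress. All names are hypothetical.
const ALLOWED_SCHEMES = ['http', 'https', 'mailto'];
const URL_ATTRS       = ['href', 'src'];   // attributes whose value needs a scheme check

// Scheme as seen in the raw string; null means "no scheme, treat as relative".
function scheme_raw(string $url): ?string {
    return preg_match('/^\s*([a-z][a-z0-9+.\-]*):/i', $url, $m) ? strtolower($m[1]) : null;
}

// Decode numeric character references: decimal or hex, any amount of zero
// padding, trailing semicolon optional. ASCII only, which is all a scheme
// name and its colon can contain.
function decode_numeric_entities(string $s): string {
    return (string) preg_replace_callback(
        '/&#(?:[xX]0*([0-9a-fA-F]{1,6})|0*([0-9]{1,7}));?/',
        function (array $m): string {
            $cp = $m[1] !== '' ? hexdec($m[1]) : (int) $m[2];
            return $cp < 128 ? chr($cp) : $m[0];
        },
        $s
    );
}

// Hardened variant: normalize entities first, then look for the scheme.
function scheme_normalized(string $url): ?string {
    return scheme_raw(decode_numeric_entities($url));
}

function url_ok(string $url, callable $scheme_of): bool {
    $scheme = $scheme_of($url);
    return $scheme === null || in_array($scheme, ALLOWED_SCHEMES, true);
}

// Attribute names are case-insensitive in HTML, so compare them lowercased.
function needs_scheme_check(string $attr): bool {
    return in_array(strtolower($attr), URL_ATTRS, true);
}

// Constructed test values: plain, padded decimal entity, hex entity plus encoded colon.
$samples = ['https://example.org/', 'javascript:void(0)',
            '&#0000106avascript:void(0)', '&#x6A;avascript&#58;void(0)'];
foreach ($samples as $url) {
    printf("%-30s raw=%-5s normalized=%s\n", $url,
        var_export(url_ok($url, 'scheme_raw'), true),
        var_export(url_ok($url, 'scheme_normalized'), true));
}
var_dump(needs_scheme_check('HREF'), in_array('HREF', URL_ATTRS, true));
```

The raw check treats the entity-encoded samples as scheme-less relative URLs and accepts them, while the normalized check sees the decoded scheme and rejects them; the last line shows an uppercase attribute name slipping past a case-sensitive lookup.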
List of Files Revised
wp-includes/version.php
wp-includes/formatting.php
wp-includes/kses.php
readme.html
wp-admin/includes/update-core.php