This morning I found an e-mail in my inbox sent by WordPress founding developer Matt Mullenweg. The e-mail, titled “WordPress 3.0.4. Critical Update”, was urging me to upgrade my WordPress page as soon as possible.
Suspicious about internet viruses, I did some research and came to the conclusion that the warning was true and for very convincing technical security reasons. WordPress experienced an XSS vulnerability, which made it possible for hackers to infect WordPress pages.
I personally have no idea what an “XSS vulnerability” is or how serious it is, but when I informed the guy who runs my website, his answer was “Huhhhh Ouch!”. He upgraded my site within a few seconds….
If your page hasn’t been hacked yet, please, upgrade to 3.0.4 as soon as possible!
On tech-buzz.com I read the following article, “WordPress pages hacked over XSS Vulnerability”:
“Earlier today the WordPress team released WordPress 3.0.4 which contained a critical fix for an XSS vulnerability. Sadly, the release made the problematic code public to everyone and there are reports that WordPress sites who have not yet upgraded are being hacked.
A post on DreamHost, one of the largest web hosting companies, says that many sites who have not yet upgraded are being attacked through this XSS vulnerability. Many of their customers aren’t able to access their WordPress Admin dashboard.
Another important thing being noted by DreamHost team is that once your site has been hacked, upgrading to the latest version won’t help since the inserted data sits in a file which is untouched by the upgrade. I am looking into what files are affected and will update this post as soon as I come across it.
Rest aside, this new problem has made me determined to release the WordPress Remote Upgrade and Manager within the next few days, so stay tuned for it.
Upgrading WordPress is easy and usually takes a few seconds. So drop everything else and upgrade your WordPress installation to 3.0.4 ASAP”
http://www.keeptalkinggreece.com/2010/12/30/wordpress-warning-upgrade-to-3-0-4-asap/