Use Trash? WordPress 2.9.2 Upgrade Time Then! CodeUnit 17 FEB 2010

Do you make use of the nifty little trash feature recently introduced in WordPress 2.9 that allows you to “delete” or “trash” posts to a recycle bin from which you can then choose to permanently delete or restore at a later date?

Well, if the answer is yes, then it is probably a good idea to quickly update your installation to the newly released version 2.9.2 in order to protect yourself against a nasty little bug introduced with this great new bit of functionality!

The problem is that in introducing this new core bit of functionality, the developers somehow forgot to properly integrate it with WordPress’ security framework. The result is that any authenticated user, no matter what rights they have (e.g. they could even be a simple subscriber), can access the trash of any other user. That means any sensitive posts you previously trashed were in fact still pretty much open for anyone with a login to see.

If you still aren’t on the same page with me as to why you need to upgrade to this patched version ASAP, let me put it to you a little differently. Let us say, for example, you work for a boss, but being a disgruntled employee, you type up a post on the company blog revealing to the world all the naughty kinkiness you got up to with your boss’ daughter. Thankfully though, a moment of sanity prevailed and you trashed the post before publishing it, so it never saw the light of day – whew! However, if the bug were still active and your boss logged into the blog to add a new post or such, he would be able to read what you had previously trashed and, make no mistake about it, you would now be standing out there in the cold in the unemployment line.

So do yourself a favour. Upgrade to WordPress 2.9.2 today! :)
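To find out which installs on a host still need this upgrade, the script below (an added example, not part of the original post and not WordPress code) reads `$wp_version` from each `wp-includes/version.php` and flags anything from 2.9 up to, but not including, 2.9.2. The sample directory names and the status labels are made up for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Per the post: trash arrived in 2.9, and 2.9.2 carries the fix.
TRASH_INTRODUCED = (2, 9, 0)
FIXED_IN = (2, 9, 2)
# WordPress records its version in wp-includes/version.php as $wp_version = '...';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""", re.M)

def parse_version(text):
    """Return (major, minor, patch) from version.php contents, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    # Drop any pre-release suffix such as "-beta-1" before reading the numbers.
    nums = re.findall(r"\d+", m.group(1).split("-")[0])[:3]
    if not nums:
        return None
    return tuple(int(n) for n in nums) + (0,) * (3 - len(nums))

def classify(version):
    if version is None:
        return "unknown"
    if version < TRASH_INTRODUCED:
        return "predates-trash"  # older than the feature this bug came with
    return "needs-upgrade" if version < FIXED_IN else "patched"

def audit(root):
    """Map each WordPress install directory under root to its status."""
    results = {}
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        site = str(vf.parent.parent.relative_to(root))
        text = vf.read_text(encoding="utf-8", errors="replace")
        results[site] = classify(parse_version(text))
    return results

def demo():
    """Build constructed sample installs in a temp dir and audit them."""
    samples = {"blog-a": "2.9.1", "blog-b": "2.9.2", "old": "2.8.6", "new-host": "2.9"}
    with tempfile.TemporaryDirectory() as root:
        for name, ver in samples.items():
            inc = Path(root, name, "wp-includes")
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        return audit(root)

if __name__ == "__main__":
    for site, status in demo().items():
        print(f"{site}: {status}")
```

On a real host, call `audit()` with the directory that holds your sites instead of running `demo()`.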

Related Link: http://wordpress.org/development/2010/02/wordpress-2-9-2/


About Craig Lotter

Software developer, husband and dad to two little girls. Writer behind An Exploring South African. I don't have time for myself any more.

  • I recently started blogging, and when I installed WordPress my hosting installed 2.9.1 instead of 2.9.2.
    And I had to manually upgrade WordPress to the latest version. It was not tough, though initially I thought of it as quite scary.
    .-= Blogger Affiliate´s last blog ..Hello world! =-.

  • It’s scary every time one upgrades – just imagine should it fail! O.O
    .-= Craig´s last blog ..FIFA, Snoek and Keyboard Wizardry =-.
