There has been an unscheduled WordPress Security release that upgrades WordPress to version 2.3.3. This is a critical update that closes a vulnerability that would allow registered users to edit the posts of other users if they sent a specially formatted request. It is strongly suggested that all users on the 2.3.x branch upgrade their version as soon as possible.

WordPress 2.3.2 has just been released, and it contains critical updates that fix some vulnerabilities in how WordPress creates Draft entries. Anyone using the WordPress 2.3.x line should immediately go to WordPress.org and download the new version. Unless you’ve done something strange to your core files all you need to do is overwrite your current install with the new version to successfully upgrade–then go to wp-admin/upgrade.php in your web browser to finalize the database update.

The first WordPress 2.3 security issue has been found. It is in regard to the blogroll function in WordPress and results in unlimited spam entries being injected into your blogroll. This vulnerability is already being exploited by spammers. An explanation and a fixed file can be found here until a new point release of WordPress is available. This issue apparently also affects older versions of WordPress as well as the newest version, so pretty much anyone using the blogroll on their site should immediately address this issue.

WordPress 2.2.3 has been released and contains some small bug fixes and security updates. Anyone using the 2.2.x branch should update to this new version. (Please note: 2.2.3 is NOT 2.3 and is not the version of WordPress that will break many older plugins–this is just an update to the existing 2.2 branch–so don’t be afraid to update to this version).