I see your WordPress 3.0.4 with Exploit Scanner 0.97.5

WordPress 3.0.4 was released a few hours ago to fix a couple of persistent XSS vulnerabilities. One of these was discovered by me, and I also participated in lengthy discussions about the fix (maybe more on this at a later date). It is strongly recommended that you update now as this is a critical security release.

I have just pushed an update to Exploit Scanner with a new set of hashes for WordPress 3.0.4. The update also removes the wp-content folder and its sub-directories/files from the list of core file hashes. This was done because of the difference in the release cycles of WordPress and Akismet: Akismet 2.4.0 got included in the 3.0.4 package; however, 2.5.1 is the current stable version (hopefully this will be addressed by a change in core in the future, maybe either dropping it from the package and/or never touching wp-content on updates, only on initial installs).

I plan on releasing the next ‘major’ version of Exploit Scanner to coincide with the release of 3.1. The main new feature, which has actually been sitting in trunk for quite a while, will be core file diffs. This will allow you to see exactly what has changed if the plugin detects a modified core WordPress file. Please download the development version and give it some thorough testing if you feel like trying out the new goodness.
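An added example, not Exploit Scanner's own code: a sketch of a core-file hash check that skips wp-content and, for a modified core file, produces the kind of diff described above. The SHA-256 manifest, the function names and the sample files are assumptions constructed for illustration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

EXCLUDED_TOP_DIRS = {"wp-content"}  # not treated as core, as in the update above

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()  # SHA-256: this example's choice

def build_manifest(pristine_root):
    """Map relative path -> digest for every file outside the excluded dirs."""
    root, manifest = Path(pristine_root), {}
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root)
        if p.is_file() and rel.parts[0] not in EXCLUDED_TOP_DIRS:
            manifest[rel.as_posix()] = digest(p)
    return manifest

def scan(install_root, manifest, pristine_root):
    """Return {path: unified diff} for changed core files, None if missing."""
    findings = {}
    for rel, expected in manifest.items():
        target = Path(install_root, rel)
        if not target.is_file():
            findings[rel] = None
        elif digest(target) != expected:
            old = Path(pristine_root, rel).read_text(errors="replace").splitlines()
            new = target.read_text(errors="replace").splitlines()
            findings[rel] = "\n".join(difflib.unified_diff(
                old, new, "pristine/" + rel, "installed/" + rel, lineterm=""))
    return findings

def demo():
    """Run the scan over two small constructed trees (not real WordPress files)."""
    files = {"wp-login.php": "<?php\nrequire 'wp-load.php';\n",
             "wp-includes/kses.php": "<?php\n// filtering code\n",
             "wp-content/plugins/akismet/akismet.php": "<?php // bundled copy\n"}
    with tempfile.TemporaryDirectory() as tmp:
        pristine, installed = Path(tmp, "pristine"), Path(tmp, "installed")
        for root in (pristine, installed):
            for rel, body in files.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # A plugin upgraded on its own schedule must not be reported...
        (installed / "wp-content/plugins/akismet/akismet.php").write_text("<?php // newer copy\n")
        # ...but an edited core file must be, with the change shown.
        (installed / "wp-login.php").write_text(files["wp-login.php"] + "// local edit\n")
        return scan(installed, build_manifest(pristine), pristine)
```

Calling `demo()` returns a single finding for `wp-login.php` whose diff shows the added line, while the changed plugin file under wp-content is not reported.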

This entry was posted on 30 December 2010.