WordPress 3.1.3 available (security fixes)

If you are using WordPress, make sure to upgrade it now. Version 3.1.3 was just released with a few security fixes:

* Various security hardening by Alexander Concha.
* Taxonomy query hardening by John Lamansky.
* Prevent sniffing out user names of non-authors by using canonical redirects. Props Verónica Valeros.
* Media security fixes by Richard Lundeen of Microsoft, Jesse Ou of Microsoft, and Microsoft Vulnerability Research.
* Improves file upload security on hosts with dangerous security settings.
* Cleans up old WordPress import files if the import does not finish.
* Introduce “clickjacking” protection in modern browsers on admin and login pages.

You can download the new version here or just follow their automated (very simple) update process. These are all the files changed from 3.1.2 to 3.1.3:

Files wordpress-3.1.2/readme.html and wordpress-3.1.3/readme.html differ
Files wordpress-3.1.2/wp-admin/admin-ajax.php and wordpress-3.1.3/wp-admin/admin-ajax.php differ
Files wordpress-3.1.2/wp-admin/custom-background.php and wordpress-3.1.3/wp-admin/custom-background.php differ
Files wordpress-3.1.2/wp-admin/custom-header.php and wordpress-3.1.3/wp-admin/custom-header.php differ
Files wordpress-3.1.2/wp-admin/includes/class-wp-plugins-list-table.php and wordpress-3.1.3/wp-admin/includes/class-wp-plugins-list-table.php differ
Files wordpress-3.1.2/wp-admin/includes/import.php and wordpress-3.1.3/wp-admin/includes/import.php differ
Files wordpress-3.1.2/wp-admin/includes/media.php and wordpress-3.1.3/wp-admin/includes/media.php differ
Files wordpress-3.1.2/wp-admin/includes/post.php and wordpress-3.1.3/wp-admin/includes/post.php differ
Files wordpress-3.1.2/wp-admin/includes/template.php and wordpress-3.1.3/wp-admin/includes/template.php differ
Files wordpress-3.1.2/wp-admin/includes/update-core.php and wordpress-3.1.3/wp-admin/includes/update-core.php differ
Files wordpress-3.1.2/wp-admin/ms-delete-site.php and wordpress-3.1.3/wp-admin/ms-delete-site.php differ
Files wordpress-3.1.2/wp-admin/plugins.php and wordpress-3.1.3/wp-admin/plugins.php differ
Files wordpress-3.1.2/wp-admin/press-this.php and wordpress-3.1.3/wp-admin/press-this.php differ
Files wordpress-3.1.2/wp-app.php and wordpress-3.1.3/wp-app.php differ
Files wordpress-3.1.2/wp-includes/canonical.php and wordpress-3.1.3/wp-includes/canonical.php differ
Files wordpress-3.1.2/wp-includes/class-oembed.php and wordpress-3.1.3/wp-includes/class-oembed.php differ
Files wordpress-3.1.2/wp-includes/default-filters.php and wordpress-3.1.3/wp-includes/default-filters.php differ
Files wordpress-3.1.2/wp-includes/formatting.php and wordpress-3.1.3/wp-includes/formatting.php differ
Files wordpress-3.1.2/wp-includes/functions.php and wordpress-3.1.3/wp-includes/functions.php differ
Files wordpress-3.1.2/wp-includes/meta.php and wordpress-3.1.3/wp-includes/meta.php differ
Files wordpress-3.1.2/wp-includes/post.php and wordpress-3.1.3/wp-includes/post.php differ
Files wordpress-3.1.2/wp-includes/query.php and wordpress-3.1.3/wp-includes/query.php differ
Files wordpress-3.1.2/wp-includes/taxonomy.php and wordpress-3.1.3/wp-includes/taxonomy.php differ
Files wordpress-3.1.2/wp-includes/theme.php and wordpress-3.1.3/wp-includes/theme.php differ
Files wordpress-3.1.2/wp-includes/version.php and wordpress-3.1.3/wp-includes/version.php differ
Files wordpress-3.1.2/wp-login.php and wordpress-3.1.3/wp-login.php differ

Remember, the first step for a secure site is an updated site! We also recommend the following WordPress security plugin if you want to harden your WordPress install: http://sucuri.net/wordpress-security-monitoring.

About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.