If you run a blog with WordPress, you may want to take the time to update it to the latest version. Version 3.0.2 was released to fix a bug where an Author-level user could gain admin access. The WordPress developers recommend that you run the update immediately.

Other problems the update fixes:

  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused.
  • Fix canonical redirection for permalinks containing %category% with nested categories and paging.
  • Fix occasional irrelevant error messages on plugin activation.
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin.
  • Clarify the license in the readme.
  • Multisite: Fix the delete_user meta capability.
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins.
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string.
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs.

As a person who once slacked on running one of these updates and paid for it when somebody hacked my site and deleted every post on it, I can’t stress how important it is to keep your WordPress version updated. Don’t bother testing. Update it now!