We’ve just updated the VaultPress plugin with a hotfix that closes a recently identified security issue in WordPress. The security issue, which has been corrected in the WordPress 3.0.2 release, could have enabled a malicious Author-level user to gain further access to a site.
VaultPress now looks at potentially problematic queries that get passed through WordPress, determines if one of them is the problem query, and fixes it. All WordPress users should still upgrade to WordPress 3.0.2 as soon as possible, but for those VaultPress customers who haven’t yet been able to upgrade, the update fixes this specific security issue.
Most VaultPress customers (both Basic and Premium) should already have been automatically updated to the latest version of the plugin, v. 0.0888. You can verify the version number by visiting your site’s WordPress dashboard, then viewing your plugins page. If your VaultPress plugin version is lower than 0.0888, you can then update the plugin manually by logging into your VaultPress dashboard, and downloading the latest version of the VaultPress plugin. Or, just contact the VaultPress Safekeeper team and we’ll take care of updating the plugin for you. We can also help you enable automatic updates to the VaultPress plugin.
Our mission is to take the worry out of keeping your WordPress site secure, and we’ll continue to work on making updates like this one even easier for you.