[wp-testers] Upgrade 2.0.2 to 2.0.4

Robert Deaton false.hopes at gmail.com
Sun Jul 30 04:27:53 GMT 2006


On 7/29/06, Viper007Bond <lists at viper007bond.com> wrote:
> As for that supposed security issue, it's kinda a "dur". I mean, of
> course there are going to be problems if you allow users to register and
> have it set to auto-promote them to an admin or something like that.
> That's not an exploit, that's just stupidity.

Uhm, the security issue is that WordPress didn't properly validate
plugin page caps for unprivileged users, meaning someone with
absolutely no caps could access plugin pages that may let them take
over the blog, depending on the plugin.

No matter how small the corner case, don't publicly discount the
validity; people need to upgrade, and when they don't because someone
told them the vulnerability through which their blog was taken down
was a joke, we'll never hear the end of it.

-- 
--Robert Deaton
