Visser Labs Plugin Compatibility with WordPress 3.0.2

A quick update that I’ve gone through and can confirm full-compatibility across the Visser Labs WP e-Commerce Plugin suite with WordPress 3.0.2, so what are you waiting for, start updating.

Note: As always, perform a full backup of your WP e-Commerce store – that means files and database – as it only takes a single corrupt file during transfer to knock out your daily earnings. An ounce of prevention is worth a pound of cure.

The 3.0.2 update is a mandatory security update for all previous WordPress versions which plugs a few Core vulnerabilities and miscellaneous fixes. The following Visser Labs Plugins have been tested with WordPress 3.0.2:

  • Related Products for WP e-Commerce
  • Add to Wishlist for WP e-Commerce
  • Facebook Like Button for WP e-Commerce
  • Facebook Share for WP e-Commerce
  • Nuke WP e-Commerce
  • Offline Credit Card Processing for WP e-Commerce
  • Printable Invoices for WP e-Commerce
  • Product Categories Importer for WP e-Commerce
  • Product Importer Deluxe for WP e-Commerce
  • Product Importer Standard for WP e-Commerce
  • Product Versioning for WP e-Commerce
  • Store Reports for WP e-Commerce

Here’s a quick excerpt of the changes in 3.0.2 from the WordPress team.

  • Fix moderate security issue where a malicious Author-level user could gain further access to the site. (r16625)
  • Multisite: Fix the usage of the SUBDOMAIN_INSTALL constant for upgraded WordPress MU installs (#14536)
  • Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. (#13887)
  • Fix canonical redirection for permalinks containing?%category% with nested categories and paging. (#13471)
  • Fix occasional irrelevant error messages on plugin activation. (#15062)
  • Minor XSS fixes in request_filesystem_credentials() and when deleting a plugin. (r16367, r16373)
  • Clarify the license in the readme (r15534)
  • Multisite: Fix the delete_user meta capability (r15562)
  • Multisite: Force current_user_can_for_blog() to run map_meta_cap() even for super admins (#15122)
  • Multisite: Fix ms-files.php content type headers when requesting a URL with a query string (#14450)

If I’ve missed any Plugin from the above list or you’ve spotted a compatibility issue that slipped through testing please drop a comment below.

WordPress 2.9.2 Security Update

WordPress users will notice a new automatic update available for 2.9.2, this security update fixes a vulnerability affecting all WordPress installations since the recent introduction of the Trash feature in the 2.9.* series.

Every logged in user, even those with the subscriber role, can access all deleted articles and posts that have been moved to the trash. This might not affect the majority of blogs as there need to be at least two registered users and at least one user that is not trusted by the administrator of the site.

Excerpt from WordPress 2.9.2 Released at ghacks.net.