Version 3.3.1 of the open source WordPress blogging and publishing platform has been released. The maintenance and security update addresses a cross-site scripting (XSS) vulnerability affecting WordPress 3.3. According to a blog post by security researchers Aditya Modha and Samir Shah, the hole affects WordPress instances installed using an IP address; instances of WordPress installed using a domain name are reportedly not vulnerable.
In addition to closing the security hole, the update fixes a number of bugs found in the previous release including two high priority issues: one related to the tabindex that could cause users to lose an edit or reply, and the other is in the script loader. A full list of fixes can be found in the WordPress Trac.