Recently, I have been becoming increasingly annoyed at the frequency with which WordPress releases updates, most of which are proclaimed to be security updates so that users are encouraged to “upgrade immediately”.
While I am thankful that WordPress remains so on top of security problems, it is rather disconcerting that security flaws are being discovered with such frequency, possibly pointing to deep rooted flaws in the security methods it employs.
I do have one piece of good news however. From what I can tell, v2.2.3 (which was released little more than a month after v2.2.2) does not address any security problems that will affect the majority of users. The only security hole it plugs is the ability of a user (meaning someone who can write actual posts to the blog) to post unfiltered HTML when their preferences are set to prevent it. In other words, unless you allow hackers access to the admin area of your blog, don’t worry about it.