IMPORTANT! A security vulnerability was discovered in older versions of TML that could allow users with posting privileges to exploit your site/server. This could possibly include exposing system and/or sensitive files such as /etc/passwd or /etc/shadow. If you run a single user blog, you’re okay. If you run a multi-user blog and you trust all of your authors/contributors/etc, you’re probably okay. However, if you run a multi-user blog with random authors/contributors/etc, you may have reason to be concerned.
Theme My Login 6.3.10 has been released to address this issue. That is, in fact, this release’s only purpose – and it is a very important one! So, upgrade immediately!
- Fix local file include vulnerability in templating system