In a quick turnaround, the ImpressCMS Project published a new release today in response to a vulnerability report racing around the Twitter-verse. They also closed an authorization gap in the plugin used by the TinyMCE editor that connected it to the image manager of ImpressCMS.
A few of the improvements already in the upcoming version of ImpressCMS were also back-ported to this release, making for a much more polished product for your web sites.
In the announcement from ImpressCMS, the team stated they were notified of the vulnerability earlier today and they were able to respond quickly to this. However, news of the potential vulnerability spread quickly. The vulnuerability only exists if you already have elevated permissions on the site and have access to the administration area. If you are running an earlier version of ImpressCMS, you are strongly urged to upgrade your installations as soon as possible.
Complete details and support information can be found on their website - www.impresscms.org