WordPress 2.8.2 Fixes XSS Vulnerability

Posted on July 21, 2009 by Pete Mall

WordPress 2.8.2 was released on Monday, July 20 which patches a known XSS vulnerability. The URLs for the commenters(comment authors) were not fully sanitized before being displayed in the admin area which could be exploited to redirect from the admin area to another site. It is recommended to download and upgrade to version 2.8.2 or use the automatic upgrade function of WordPress under Tools > Upgrade from the admin area.

Related posts:

  1. WordPress 2.8.6 Security Release
  2. JIT Fixed in Firefox 3.5.1, New Vulnerability Exposed
  3. WordPress 2.8.5 Released
  4. WordPress MU 2.8.6 Security and Bugfix Release
  5. Critical JavaScript Vulnerability Surfaces in Firefox 3.5
This entry was posted in Security Exploits, WordPress. Bookmark the permalink.

2 Responses to WordPress 2.8.2 Fixes XSS Vulnerability

  1. Phyllis says:
    July 21, 2009 at 7:52 am

    Thanks for the heads up. It’s been a crazy summer so far so I hope all the crazymaking is done. Although I am shy about commenting, l appreciate your blog posts. I just went through a nightmarish situation 2 weeks ago when my web host’s servers (A Small Orange) were hacked. Their staff was excellent and my site was restored from backup.

    Reply
  2. Reggie says:
    July 21, 2009 at 7:53 am

    I have updated already with no problems. Good to know that the security problem has been fixed.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>