WordPress 2.8.6 Security Release

Posted on November 12, 2009 by Pete Mall

WordPress version 2.8.6 was released earlier today which addressed a couple of security issues. WordPress 2.8.6 patches a XSS vulnerability in Press This and another issue with sanitizing upload file names which could be exploited to run a php file uploaded as file.php.jpg in some apache configurations.

It is recommended to download and upgrade to version 2.8.6 or use the automatic upgrade function of WordPress under Tools > Upgrade from the admin area. WordPress 2.8.6 will be available for automatic upgrade soon.

Related posts:

  1. WordPress MU 2.8.6 Security and Bugfix Release
  2. WordPress MU 2.8.5.1 Security and Bugfix Release
  3. WordPress 2.8.5 Released
  4. WordPress 2.8.2 Fixes XSS Vulnerability
  5. WordPress 3.0 Release Candidate 3
This entry was posted in WordPress. Bookmark the permalink.

2 Responses to WordPress 2.8.6 Security Release

  1. Harsh Agrawal says:
    November 12, 2009 at 7:13 pm

    This update was really unexpected.. though this update seems to be only for those
    who have multi author blogs or is it for every one?

    Reply
  2. Pete Mall says:
    November 12, 2009 at 7:24 pm

    This update is for single author and multi-author blogs… The vulnerability with the uploaded file is actually an apache configuration problem which can be exploited using the WordPress media upload function.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>