WordPress 2.8.6 Security Release

WordPress version 2.8.6 was released earlier today to address a couple of security issues. It patches an XSS vulnerability in Press This, and fixes an issue with sanitizing upload file names that could be exploited to run a PHP file uploaded as file.php.jpg in some Apache configurations.

It is recommended to download and upgrade to version 2.8.6 or use the automatic upgrade function of WordPress under Tools > Upgrade from the admin area. WordPress 2.8.6 will be available for automatic upgrade soon.
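The upload file name issue described above can be illustrated with a sanitizer that neutralizes extension-like segments in the middle of a name, so that file.php.jpg cannot be matched on its inner extension. This is an added example, not WordPress's own code; the allowlist, the function names and the sample file names are assumptions made for illustration.

```python
import re

# Assumption: the extensions this site accepts for uploads (constructed list).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# An inner segment that could be read as an extension: 2-5 letters and an
# optional digit (php, phtml, php5, cgi, ...).
_EXT_LIKE = re.compile(r"^[A-Za-z]{2,5}\d?$")


def sanitize_upload_name(filename):
    """Return a safe name, or raise ValueError if the final extension is not allowed."""
    # Keep only the base name and a conservative character set.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    name = re.sub(r"[^A-Za-z0-9._-]", "", name).strip(".")
    parts = name.split(".")
    if len(parts) < 2:
        raise ValueError("no extension")
    if parts[-1].lower() not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed: %r" % parts[-1])
    safe = [parts[0]]
    for seg in parts[1:-1]:
        # file.php.jpg -> file.php_.jpg: the inner segment no longer
        # matches an extension the web server may map to a handler.
        if _EXT_LIKE.match(seg) and seg.lower() not in ALLOWED_EXTENSIONS:
            seg += "_"
        safe.append(seg)
    safe.append(parts[-1])
    return ".".join(safe)


def audit_names(names):
    """Return stored names that the sanitizer would rewrite or reject."""
    flagged = []
    for n in names:
        try:
            if sanitize_upload_name(n) != n:
                flagged.append(n)
        except ValueError:
            flagged.append(n)
    return flagged


if __name__ == "__main__":
    # Constructed sample of names as they might appear in an uploads directory.
    sample = ["photo.jpg", "file.php.jpg", "report.v2.pdf", "shell.php"]
    print(audit_names(sample))
```

Running `audit_names` over the names already present in the uploads directory shows which files predate the fix and need review.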

2 thoughts on “WordPress 2.8.6 Security Release”

  1. This update is for single author and multi-author blogs… The vulnerability with the uploaded file is actually an Apache configuration problem which can be exploited using the WordPress media upload function.
