Attention, all WordPress users! WordPress version 2.8.6 is out with fixes to two security problems and you are recommended to upgrade. The vulnerabilities fixed in WordPress 2.8.6 can be easily exploited by registered, logged in users who have posting privileges. So, if your blog supports author registration or if you run a multiple author blog and you are not sure about certain authors, you must upgrade to WordPress version 2.8.6.

WordPress Release

After the WordPress 2.8.5 hardening release in October, two serious security threats were discovered in WordPress. According the official WordPress blog, the first problem that has been addressed in WordPress 2.8.6 is an XSS (Cross Site Scripting) vulnerability in ‘Press This’ and it was first discovered by Benjamin Flesch. The second problem was discovered by Dawid Golunski and is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.

So, what to do now? Like all previous releases, it is advised that you upgrade to WordPress 2.8.6 as soon as possible. Use the auto upgrade feature or upgrade manually (which I prefer) by downloading WordPress from the official site. Enjoy blogging!