WordPress 2.8.6 Security Release

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

Get WordPress 2.8.6.

Sponsored by Internet Pharmacy - Indian Pharmacy, an online pharmacy supplies more than 600 quality generic medications, free prescription, worldwide shipping.

Canadian Pharmacy canada pharmacy

Related posts:

  1. WordPress 2.8.4: Security Release WordPress 2.8.4: Security Release Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user...
  2. WordPress 2.8.3 Security Release WordPress 2.8.3 Security Release Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1.  Luckily, the entire WordPress community has our backs.  Several folks in the community...
  3. WordPress 2.8.5: Hardening Release WordPress 2.8.5: Hardening Release As you know over the past couple of months we have been working on the new features for WordPress 2.9. We have also been working on...