WordPress 2.8.6 Security Release

Users are advised to upgrade their WordPress installs to version 2.8.6, which fixes two vulnerabilities. From the official WordPress Dev Blog:

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

About Len Kutchma

Len has been blogging for over 10 years and is a rabid WordPress fan. In addition to blogging here you can find him writing the occasional article and toiling away in the forums at WeblogToolsCollection.com. He also hangs out at the WordPress support forums lending a hand where he can. Be sure to follow @wpcanada on Twitter.
