
Ryan Boren, the lead developer on the WordPress team, has just announced the release of the WordPress 2.8.6 security update through the WP blog. The release fixes two vulnerabilities that are relevant only to blogs with more than one author, like my other site, Hacking Discussion, because they can only be exploited by registered, logged-in users with posting rights. In his blog post, Ryan Boren advises webmasters who have untrusted authors to update to WordPress 2.8.6.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.