WordPress 2.8.6 Security Update for Multi-Author Blogs

WordPress 2.8.6 was just released. It’s a security update that fixes two major bugs which can be exploited by registered, logged-in users who have posting rights. Here’s an excerpt from the WordPress Blog:

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

If you are the only one with posting privileges on your blog, there is no reason to be worried. Still, it’s strongly recommended to upgrade your WordPress blog whenever an update is released. You can upgrade either by downloading WP 2.8.6 and then uploading it to your server (read how-to), or by using the one-click upgrade from the WordPress Dashboard.

It’s always a healthy practice to back up your MySQL database before running the update.

This post was published on November 13, 2009

About the Author: Thilak Rao works as a Social Media Expert. He is one of the first professional bloggers from India, and he loves to write, travel and click photos. Follow him on Twitter @thilak

  • http://www.shoutmeloud.com/ Harsh Agrawal

    This update was really unexpected.. though this update seems to be only for those
    who have multi-author blogs, or is it for everyone?

  • http://tech-buzz.net Thilak Rao

    Well, the bug seems to affect only multi-authored blogs.

  • http://eblogtip.com/ Tinh

    It is a must for multi-author blogs
