WordPress 2.8.6 Tightens Security
WordPress 2.8.6 has been released. The latest version fixes two security vulnerabilities that could be exploited by registered, logged-in users who have posting privileges.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
If you have untrusted registered users, you must upgrade to WordPress 2.8.6 as soon as possible.
You can get the latest WordPress 2.8.6 release from here.
You can follow me on Twitter at http://twitter.com/vaibhav1981