WordPress 2.8.6 Security Release

WordPress.org has released the security release 2.8.6 this morning which fixes two security holes in the wordpress.

One of them is an XSS vulnerability in the Press This which can be exploited by the logged in users who have posting privileges. This could be dangerous on the sites which have untrusted authors and/or having open registration for author level. The vulnerability was reported (discovered ?) by Benjamin Flesch.

The second problem is also related to the vulnerability that can be exploited by author level users, in which the uploaded file name can be exploited in certain Apache server configuration. This has been reported by Dawid Golunski.

It is always recommended to upgrade the WordPress or any other cms you are using to the latest version as soon as they are released and also keeping the backup of your website from time to time.

How to upgrade WordPress to 2.8.6 (the article has been written for 2.8.1 to 2.8.2 but should work perfectly for other newer / older versions too).