Secure WordPress with 2.8.6
WordPress 2.8.6 was released today. It includes some security fixes for vulnerabilities found by WordPress users.
As always, you can get the newest version of WordPress from the WordPress.org download page. We recommend always upgrading WordPress to the latest stable version available. If you don’t have the time or don’t know how, you can always hire us to make the upgrade for you. Just fill out the form on our “need help?” page and we’ll be in touch.
2.8.6 fixes two security problems that can be exploited by registered, logged-in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.










