Today when I logged into my Wordpress dashboard I will kind of surprised with the latest release of wordpress 2.8.6. I was expecting to see wordpress 2.9 soon. But this new update come as a surprise for me.
I went to official wordpress blog and realize, this update has been made to prevent two security vulnerabilities, which can be exploited by registered author of your blog, who have posting permission.
According to official announcement
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
So like always sound advice, update your wordpress blog ASAP. Specially if you have multi-author blog. Don’t forget to take backup of your wordpress blog database.
Related posts:
- Wordpress 2.8.4 Released due to a Serious Security Risk
- Register plus Wordpress plugin for Multi Author blog
- Status Notifier Wordpress revenue sharing blog plugin
- Wordpress Users Photo Plugin : Gravatar Alternative for Wordpress Membership website
- Wordpress 2.8.1 Beta Released Lots of bugs fixed
{ 4 comments… read them below or add one }
Thanks for this, I was logged on and never saw any message. I will have to update as I have other authors who have started to post.
i will think before i upgrade…last time i made a mess of it….is it mandatory??
If you have multi author blog, it is.. Else you can ignore it for now.
WordPress Automatic upgrade does everything so smoothly that there is no reason to worry at all