• Advertise here

    Sensonize.com is visited by Internet entrepreneurs, investors, tech heads, gear heads and interested consumers.
    * Alexa: Less than 100,000
    * Google Page Rank: 3
    * RSS readers: 1000+
    * Twitter followers: 5500+
    * Average comments per post: 20
    Advertise Here
  •  

WordPress 2.6.5 – Upgrade now! XSS Exploit in 2.6.3

By Mohnish On November 26, 2008 Under Blogging, News

WordPress 2.6.5 is immediately available and fixes one security problem and three bugs. I recommend everyone upgrade to this release.

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Note that WordPress is skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.

So guys, upgrade now and avoid being ‘hacked’ and losing all your hardwork. To inform the world about this security update – Digg and Stumble this article! Download 2.6.5 from the OFFICIAL SITE AND NO WHERE ELSE!

Get WordPress 2.6.5

Hostgator

Add a comment

*