ghacks Technology News

Wordpress 2.8.6 Security Update


The Wordpress developers have just released a security update for their blogging platform Wordpress which raises the version of the software to 2.8.6. It is always recommended to update to a new version of Wordpress as soon as possible and especially so for a security release. This release fixes two vulnerabilities that are only relevant for multi-author blogs as they can only be exploited by registered, logged in users with posting rights. This security vulnerability is therefor not affecting the majority of Wordpress blogs but those webmasters should nevertheless consider upgrading their blog software right away.


The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

The upgrade is as usual available through various means with the two most popular ones being through an automatic update in the Wordpress admin interface and the second trough a download from the official Wordpress website. The first is faster and more comfortable while the second offers more control to the user especially if something goes wrong.

This Wordpress update does not require an update of the Wordpress database. It is however recommended to perform a backup of both the Wordpress files on the web server and the MySQL database to be prepared if the update should fail for any reason.




Tags: , , ,
Categories: The Web

Previous Post: Read your RSS feeds on your Linux desktop with Liferea

Next Post: Save Websites With Mozilla Archive Format


Related posts:

Wordpress 2.8.4 Security Update
Wordpress 2.6.5 Security Update
Wordpress 2.8.2 Security Patch
Wordpress 2.7.1 Update
Wordpress 2.8.5 Security Update
Wordpress 2.8.3
Wordpress 2.3.3 Security Release
Wordpress 2.6.1 released

5 Responses to “Wordpress 2.8.6 Security Update”

  1. Harsh Agrawal says:
    November 13, 2009 at 4:05 am

    This update was really unexpected.. though this update seems to be only for those
    who have multi author blogs or is it for every one?

    Reply

Trackbacks/Pingbacks

  1. Wordpress 2.8.6 Security Update - Ghacks Technology News | ByteBooth says:
    November 13, 2009 at 2:36 am

    [...] recommended to update to a new version of Wordpress as soon as possible and especially … … read more (No Ratings Yet)  Loading … [...]

    Reply
  2. Wordpress 2.8.6 Security Update - Ghacks Technology News | ByteBooth says:
    November 13, 2009 at 4:38 am

    [...] recommended to update to a new version of Wordpress as soon as possible and especially … Read Full Article (No Ratings Yet)  Loading … Word [...]

    Reply
  3. Wordpress 2.8.6 cerrará dos agujeros de seguridad | Malavida Blog says:
    November 13, 2009 at 9:36 am

    [...] Fuente: gHacks [...]

    Reply

Leave a Reply   Follow Ghacks   Subscribe To Comment Rss

Recent Posts

Popular Articles

Software Updates

by Appnews

Topics

Links

Popular Tags

Follow This Blog

Ghacks Full Feed Twitter  All Feeds

Information

About Ghacks

Ghacks is a technology blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular technology sites on the Internet with five authors and regular contributions from freelance writers.

 

Authors

Joe Anderson
Martin Brinkmann (Senior Editor)
Cheryl Correa
Orrett Morgan
Daniel Pataki
David Pierce
Jack Wallen

© 2005-2009 Ghacks.net. All Rights Reserved. Privacy Policy - About Us