The XSS vulnerability could be used to create comment author urls that would redirect the system administrator away from the blog’s website to another site to exploit the situation. Wordpress webmasters are encouraged to update their blogs as soon as possible to patch the security vulnerability.

Updates are available directly from within the Wordpress interface if the correct server login information are supplied or by updating the traditional way which would mean to download the Wordpress release from the Wordpress website, upload it to the web server and run the upgrade command manually. The release information should also be displayed prominently in the Wordpress admin interface with a link to the automatic update script of Wordpress.

Some changes that Wordpress admins will notice right away are speed improvements in the admin interface and the ability to change more aspects of the layout than before. Wordpress will for instance automatically adjust the layout according to the screen size of the web browser window with options to change the amount of columns and what is being displayed on the screen.

It is now possible to remove or add information when viewing posts, pages or comments in the admin interface with the additional option to change the number of items that are displayed on the screen. It is now therefor possible to change the default number of comments that are displayed on screen which could have been achieved before only by hacking system files.

Other improvements include a new theme installer which allows the webmaster to search for and install themes right from the Wordpress admin interface without leaving the website. This is a similar feature to the automatic plugin installation that was added in earlier versions.

The Wordpress Codex contains a list of all changes and additions that have been added to Wordpress 2.8. The new version can be downloaded from the main Wordpress site.