Here’s a little bit of information regarding the security issue and the three bugs that version 2.6.5 fixes:

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x…

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests.

Btw, if you’ve noticed the WordPress development team skipped from 2.6.3 to 2.6.5. That is not an error and is done purposely to avoid confusion with the fake 2.6.4 version that the fake WordPress site tried to distribute early this month.

If you’re not interested in doing a full upgrade but still make your WordPress installation secure, all you need to do is download version 2.6.5, copy wp-includes/feed.php and wp-includes/version.php and upload (overwrite existing files) them to your wp-includes folder.

I’ve already upgraded mine and I advise that you do the same thing. It only takes a few minutes to do plus you’ll have peace of mind that your WordPress blog is more secure. Make sure you only download from the real WordPress site. Better safe than sorry!

Download WordPress 2.6.5