Just as I finished publishing my previous post, I saw the notification that WordPress 2.8.6 security release is now available for download. Here’s what the official WordPress blog has to say about this new release:

2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.

If you were having problems accessing this blog earlier, it was because I was upgrading my WordPress install to 2.8.6. Although I trust the other authors on my blog, there’s always a possibility that some hacker or malicious user can obtain their login details and use that to compromise my blog. I just want to be sure, play safe and prevent any problems or headaches. As I always say, “better safe than sorry”. If you have other authors on your blog other than yourself, I strongly encourage you to upgrade to WordPress 2.8.6 now.

Get WordPress 2.8.6.