WordPress 2.8.6 - Security Updates

Version 2.8.6 fixes two security issues that registered and authorized users with publishing rights could use. If there are third-party authors on your blog, we recommend upgrading to 2.8.6 .

The first problem is XSS vulnerability in the “ Publish ” tab ( Press This ), reported by Benjamin Flesch . The second one was discovered by Dawid Golunski - there was a flaw in the processing of the names of the downloaded files, which could be used on some Apache configurations.

Download WordPress 2.8.6.
')
UPD : Already wrote about it here