Wordpress have just released their latest security update for their blogging platform Wordpress which is version 2.8.6.
This release fixes two vulnerabilities that are only relevant for multi-author blogs as they can only be exploited by registered, logged in users with posting rights.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.
This Wordpress update does not require an update of the Wordpress database. It is however recommended to perform a backup of both the Wordpress files on the web server and the MySQL database to be prepared if the update should fail for any reason.
