Walker News

Update To Latest WordPress 2.6.5 To Fix XSS Exploit

If you host a WordPress blog and expect it to live under your full control, then you should never wait for another days to update the core files whenever there is a new release for download (absolutely free from WordPress.org).

According to Ryan’s post, the latest WordPress 2.6.5 fixes one serious security threat (XSS exploit) and three bugs – prevents accidentally saving post meta information to a revision, prevents XML-RPC from fetching incorrect post types, and adds some user ID sanitization during bulk delete requests.

All these fixes involves changes on 5 existing core files of WordPress 2.6.3. That’s to say, you can simply update these affected core files only, if you’re not ready to update all core files of WordPress 2.6.3.

Because there was a fake, trojaned version of WordPress 2.6.4 “released” by the bad guys, the WordPress team decided to skip “contaminated” version 2.6.4 and jump from 2.6.3 to 2.6.5.

Custom Search

2014  •  Privacy Policy