WordPress update fixes vulnerabiliy
In WordPress version 2.6.5, the developers of the open source blog-publishing tool fixed a cross site scripting (XSS) vulnerability as wells as three bugs not related to security. However, the XSS hole can only be exploited on IP-address-based virtual servers running Apache 2.x. Since installations at web hosts are usually name-based, it is not likely that many users will be affected.
- WordPress 2.6.5, Description of the update
- WordPress XSS vulnerability in RSS Feed Generator, Description of the vunerability from Jeremias Reith