WordPress 2.8.2 closes XSS vulnerability
The Wordpress developers have released WordPress 2.8.2 to close an XSS vulnerability in previous versions. The problem in the blog publishing platform is reported to have been with comment author URLs which were not fully sanitised. This could be exploited by an attacker to redirect an administrator to another site.
The developers recommend that users either download the 2.8.2 release and install it or use WordPress's automatic update facility by selecting
Upgrade from a WordPress blog's administration page.