In association with heise online

22 July 2009, 14:41

WordPress 2.8.2 closes XSS vulnerability

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Wordpress logo The Wordpress developers have released WordPress 2.8.2 to close an XSS vulnerability in previous versions. The problem in the blog publishing platform is reported to have been with comment author URLs which were not fully sanitised. This could be exploited by an attacker to redirect an administrator to another site.

The developers recommend that users either download the 2.8.2 release and install it or use WordPress's automatic update facility by selecting Tools>Upgrade from a WordPress blog's administration page.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit