Hot on the heels of the recent 2.8.1 update
for WordPress Baker, Auttomatic and its development community have released yet another .1 update to patch an important security vulnerability, applicable to all custom installations running versions 2.8 and 2.8.1.
The official statement:
“WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blogâ€™s admin.”
If you are running any version above 2.7, you will most likely see a notice at the top of your admin panel advising you of this most recent update, with the option to do a one-click update. It is strongly recommended you do so as soon as possible.
The update replaces some ten files, but does not appear to modify the database structure in any way.
About the Author: