• subscribe
  • twitter

An Unexpected WordPress 2.8.2 Security Patch


An unexpected upgrade of the WordPress blogging platform has been released. WordPress 2.8.1 was released roughly two weeks ago, and nobody expected WordPress 2.8.2 to come out so soon.

The upgrade or security patch fixes an XSS vulnerability. The upgrade note says the vulnerability could be exploited this way:

“Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site”

You are strongly advised to upgrade as soon as possible. You can do it by downloading the WordPress 2.8.2 package and upload via a FTP Client to your server or from Tools -> Upgrade page of your blog’s admin.

Download WordPress 2.8.2