Comments on: WordPress 2.0.6 is Out

By: Mark Marucot

Mark Marucot — Sun, 07 Jan 2007 23:53:02 +0000

WordPress 2.0.6 is released which includes security fix about the persistent XSS vulnerability. This security issue has been found in specifically on WordPress 2.0.5′s template.php allows a user with access to the templates.php to insert arbitrary HTML and/or Javascript which can be then executed by other administrators. The link title of recent accessed files is not sanitized which causes the HTML tags ending with “/” fail. Prior to 2.0.6 release, the temporary workaround is using open “IMG” tags which only works on Firefox and Internet Explorer

By: ThÃ¡ssius Veloso

ThÃ¡ssius Veloso — Sat, 06 Jan 2007 20:35:20 +0000

I was just reading about the release and it seems the former version to be dangerous. But DreamHost hasn’t already allowed the one-click update. So, I’ll have to wait more.

By: Ron

Ron — Fri, 05 Jan 2007 22:37:28 +0000

Works like charm!