WordPress Themes Blog Oh! Blog

Share on Facebook0Tweet about this on TwitterShare on Google+0Pin on Pinterest0Share on LinkedIn0

If you have allowed open registration for your blog readers, you might want to consider upgrading to the latest version of WordPress – 2.6.2. This new release of WordPress fixes some vulnerabilities and exploits which can be used by attackers.

Here is what WordPress blog says about this exploit :-

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.


Some other bug fixes include:-

  • Images that were always inserted into a post at full size
  • RSS widget linking if there isn’t a link
  • Inability to control where a user redirects to when they log in
  • Include mysql version in version check query string

For more information, check out the release post.

If you are already using WordPress 2.6.1, you can save time by just downloading a zip archive of 12 files that you have to replace in order to upgrade to 2.6.2. Go here and scroll right down to the bottom of the page and click on “Zip Archives”.

Download WordPress 2.6.2
Upgrade Instructions

Share on Facebook0Tweet about this on TwitterShare on Google+0Pin on Pinterest0Share on LinkedIn0
  1. ?????? left a comment on April 19, 2017 at 5:51 pm |

    About the WordPress Organization, and where we re going. Curious about which jazzers we highlighted for each release?

  2. Tina left a comment on March 24, 2016 at 10:54 pm |

    Dalian Huagong Innovation Technology Co., Ltd. is a new high-tech enterprise devoting to innovation and research and development established in 2003 with business covering many countries all over the world. It concentrates on industry, automobile, electric, consumption, energy and construction fields. The company was listed on NEEQ in Jan. 2014. It is one of enterprises listed in the first batch after expansion of NEEQ. Stock Code: 430615. Stock Abbreviation: Huagong Innovation. Sealing system, thermal insulation glue injection system and door & window system of the Huagong Innovation HGIT Brand provide innovative and beneficial solutions for clients, thus improve their product quality. In the meanwhile, the company customizes energy-saving, environment protective, beneficiating and cost-effective system automation lines aiming at customers’ requirements and serves customers all over the world with professional technology.
    The company values combination of production, teaching and researching. It not only has scientific research and development projects aiming at future development with domestic first-class schools, but also has close strategic cooperation relation with many international transnational corporations.
    As a strategic partner of the Dow Chemical – a world 500 top in polyurethane thermal insulation project, the company and HANs Chemical (Dalian) Co., Ltd. – a wholly-owned subsidiary of the company jointly provide systemic solutions for building heat preservation and energy saving.
    The Huagong Innovation will persistently provide comprehensive support for customers with innovative technology, excellent solution and superior service.
    http://www.hgcx.cn/en/index.php

  3. chrisitan louboutin left a comment on July 5, 2011 at 8:50 am |

    certainly like your website but you need to check the spelling on quite a few of your posts. Many of them are rife with spelling issues and I find it very bothersome to tell the truth nevertheless I’ll surely come back again.

  4. walterper left a comment on November 2, 2008 at 4:02 pm |

    WordPress – 2.6.2?
    WordPress – 2.7

  5. bloghe@ya.ru left a comment on November 1, 2008 at 8:18 am |

    ??? ? ????? ?????????? ???? ???????????!

    ?? ? ????: ???? ??????? ????? ??????????, ????????? ? ?????? ???????
    ?????-?????? ???????? ??? ????, ?? ? ???????
    “?????? ??? ????? ? ??????????”

  6. TechHairBall left a comment on September 24, 2008 at 10:00 pm |

    Nice theme

  7. AbeOnTech left a comment on September 22, 2008 at 10:06 am |

    I downloaded the latest version from wordpress.org, but the readme has 2.6.1 as the version number and it won’t let me upgrade -_-

  8. Suzan left a comment on September 16, 2008 at 12:18 pm |

    Yeah well, I noticed that and I was like “Oh no! Not again!”
    Really, this is a pain in the butt for a wordpress newb like me to stay up with frequent updates. Oh well .. sigh.

  9. mushroom left a comment on September 16, 2008 at 3:01 am |

    @rock:-
    I thick so

  10. KrAzy Che3To left a comment on September 15, 2008 at 7:26 am |

    Something in my wordpress seems to always break with another upgrade.. so I’m not updating this to this one quite yet on my main site.

  11. Knox left a comment on September 12, 2008 at 1:42 pm |

    hey there thanks for the update! anyway i’ve upgraded to wordpress 2.6.2 and this is a necessary upgrade if you allow open registrations. for those who don’t i guess you just wait for the upcoming versions. 🙂

  12. nadasumbang left a comment on September 11, 2008 at 1:14 am |

    thank jai, i always stay tune your blog…hik…hik..hik

  13. Arnold – Mr.Gadget left a comment on September 10, 2008 at 4:53 am |

    Thanks for the headsup on WP 2.6.2! Now to upgrade my gadget blog! 🙂

  14. rock left a comment on September 9, 2008 at 6:07 pm |

    Thanks man for the info.There’s always another angle to things like this.The question is should I upgrade? Jai here is just pointing out why you should consider doing it.

  15. Kartik left a comment on September 9, 2008 at 3:06 pm |

    Thanks a lot for the information, but every wordpress user will know about this because it pops up on their admin section !

Leave a Comment

Your email address will not be published. Required fields are marked *

What Others Say

BannerJai was awesome to work with. A port of an ASPX/HTML site to Wordpress went seamlessly, and his recreation of our look and feel were fantastic - Kevin Webster

BannerJai is a talented, creative and an enthusiastic web developer who has worked consistently to deliver high quality websites for my businesses - James Eccles

  •   Let’s Talk

    "Thank you for visiting my website! In order to start a project with me, please send me information on your project so I can figure out how best to help you."

    "After your initial contact, I’ll schedule a quick one-on-one session via Skype to review the project and get to know you."
     Request a Quote
  Have Questions?   Hire Me

Send Me Your Questions

Tell Me About Your Project