WordPress 2.6.2 Released
Written by Jai on September 9, 2008 – 5:45 am
If you have allowed open registration for your blog readers, you might want to consider upgrading to the latest version of WordPress, 2.6.2. This release fixes some vulnerabilities that attackers can exploit.
Here is what the WordPress blog says about this exploit:
With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
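The point in the quote above, that a weakly seeded generator makes the reset password predictable, is shown in the following added example, which is not WordPress code and not part of the original post. It assumes a 10-bit seed and a 62-character alphabet (both constructed for the demo) and uses Python's random module, which is also a Mersenne Twister, as a stand-in for PHP's mt_rand().

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # constructed demo alphabet (62 chars)


def weak_password(seed: int, length: int = 12) -> str:
    """Password drawn from a Mersenne Twister seeded with a small, guessable seed."""
    rng = random.Random(seed)  # MT19937; stand-in for mt_rand(), not the same stream
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = 12) -> str:
    """Password drawn from the operating system's CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def reachable_passwords(seed_bits: int, length: int = 12) -> int:
    """Count the distinct passwords the weak generator can ever produce."""
    return len({weak_password(s, length) for s in range(2 ** seed_bits)})


def audit(seed_bits: int = 10, length: int = 12) -> dict:
    """Compare the nominal password space with what the seed actually allows."""
    return {
        # What the alphabet and length suggest: 62**12 possibilities.
        "nominal_space": len(ALPHABET) ** length,
        # What the seed allows: never more than 2**seed_bits.
        "reachable": reachable_passwords(seed_bits, length),
        # Same seed, same password: the output is a pure function of the seed.
        "repeatable": weak_password(1234, length) == weak_password(1234, length),
        # Two CSPRNG draws have no shared seed to repeat from.
        "csprng_repeat": strong_password(length) == strong_password(length),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(f"{key}: {value}")
```

The generated password is only as unpredictable as the seed behind it, which is why password generation belongs on a CSPRNG rather than a seeded general-purpose generator.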
Some other bug fixes include:
- Images that were always inserted into a post at full size
- RSS widget linking if there isn’t a link
- Inability to control where a user redirects to when they log in
- Include MySQL version in version check query string
For more information, check out the release post.
If you are already using WordPress 2.6.1, you can save time by just downloading a zip archive of 12 files that you have to replace in order to upgrade to 2.6.2. Go here and scroll right down to the bottom of the page and click on “Zip Archives”.
Download WordPress 2.6.2
Upgrade Instructions
on Sep 9, 2008
Thanks a lot for the information, but every WordPress user will know about this because it pops up on their admin section!
on Sep 9, 2008
Thanks man for the info. There’s always another angle to things like this. The question is should I upgrade? Jai here is just pointing out why you should consider doing it.
on Sep 10, 2008
Thanks for the headsup on WP 2.6.2! Now to upgrade my gadget blog!
on Sep 11, 2008
Thanks Jai, I always stay tuned to your blog…hik…hik..hik
on Sep 12, 2008
Hey there, thanks for the update! Anyway, I’ve upgraded to WordPress 2.6.2 and this is a necessary upgrade if you allow open registrations. For those who don’t, I guess you just wait for the upcoming versions.
on Sep 15, 2008
Something in my wordpress seems to always break with another upgrade.. so I’m not updating this to this one quite yet on my main site.
on Sep 16, 2008
@rock:-
I think so
on Sep 16, 2008
Yeah well, I noticed that and I was like “Oh no! Not again!”
Really, this is a pain in the butt for a wordpress newb like me to stay up with frequent updates. Oh well .. sigh.
on Sep 22, 2008
I downloaded the latest version from wordpress.org, but the readme has 2.6.1 as the version number and it won’t let me upgrade -_-
on Sep 24, 2008
Nice theme
on Nov 2, 2008
WordPress - 2.6.2?
WordPress - 2.7