Just got a buzz from a buddy of mine about the WordPress 2.8.6 release. My first impression was: whoa, already? I can still feel the feels in my fingers; I coded a project built on WordPress 2.8.5, and it is already in the past!
Well yeah, WordPress is known as one of the open source CMS vendors that take really good care of security, so when they release something new, it is either a security fix or a feature improvement. Version 2.8.6 is one of their security-fix releases.
There are 2 Security Fixes:
From the official WordPress blog regarding the WordPress 2.8.6 Security Release:
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
In plain English: there are 2 security problems which could be exploited by one of your registered users who is logged in and has posting privileges. So this is a problem exploitable by someone who is already in (logged in as a registered user) and has the posting privilege (authors, editors, or other users with custom roles that include the ability to post). Long story short: exploitable by an inside man.
The 2 security problems are:
1. An XSS vulnerability in Press This discovered by Benjamin Flesch.
2. An issue with sanitizing uploaded file names that can be exploited in certain Apache configurations, discovered by Dawid Golunski.
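The second item is about what a file-name sanitizer has to do before an upload is stored. As an added illustration (this is not WordPress code and not the 2.8.6 patch), here is a conservative sanitizer; it assumes that the "certain Apache configurations" mentioned above are ones that choose a handler from an inner extension of a multi-dotted name such as `report.php.txt`, so the defence is to whitelist only the final extension and strip every other dot. The constant name and the function name are my own.

```php
<?php
// Added example, not WordPress code: a conservative upload file-name sanitizer.
// Assumption: the Apache issue referred to above is the handling of multiple
// extensions (e.g. "report.php.txt"), which some Apache configurations may map
// to a handler based on an inner extension. Defence: whitelist the final
// extension and remove every other dot from the base name.

const ALLOWED_UPLOAD_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

function safe_upload_filename(string $original): ?string
{
    // Drop any directory components the client may have sent.
    $name = basename(str_replace('\\', '/', $original));

    // Split off the last extension only.
    $dot = strrpos($name, '.');
    if ($dot === false || $dot === 0) {
        return null;                     // no extension, or a dot-file: reject
    }
    $ext  = strtolower(substr($name, $dot + 1));
    $base = substr($name, 0, $dot);

    if (!in_array($ext, ALLOWED_UPLOAD_EXTENSIONS, true)) {
        return null;                     // final extension not on the whitelist
    }

    // Collapse every remaining dot and any character outside a safe set, so
    // "report.php" becomes "report-php" and cannot carry a second extension.
    $base = preg_replace('/[^A-Za-z0-9_-]+/', '-', $base);
    $base = trim($base, '-');
    if ($base === '') {
        $base = 'upload';
    }

    return $base . '.' . $ext;
}

// Constructed inputs for a quick check (not real upload data).
foreach (['photo.jpg', 'report.php.txt', '../../evil.php', 'shell.php.', '.htaccess'] as $input) {
    $result = safe_upload_filename($input);
    printf("%-20s => %s\n", $input, $result === null ? 'REJECTED' : $result);
}
```

Run with `php sanitize.php`: `photo.jpg` passes unchanged, `report.php.txt` becomes `report-php.txt`, and the other three are rejected. Rejecting rather than "fixing" a name whose final extension is not whitelisted keeps the decision simple to audit, which matters more than convenience for anything an untrusted author can upload.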
Be advised: if you have a blog with multiple authors, and there is a possibility that one of them could go "bad", this release is definitely recommended for you.
Alrite.. catch up with you later!