- Lester Chan's WordPress Plugins - https://lesterchan.net/wordpress -

WordPress 2.6.5

WordPress 2.6.5 [1] has been released. This release fixes a security problem as well as 3 other minor fixes.

he security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Note that we are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.

5 files have been changed:

  1. /wp-admin/users.php [2]
  2. /wp-includes/feed.php [3]
  3. /wp-includes/post.php [4]
  4. /wp-includes/version.php [5]
  5. xmlrpc.php [6]

You can just download this 5 files and upload it to your server