WordPress 2.6.5

WordPress 2.6.5 has been released. This release fixes a security problem as well as 3 other minor fixes.

he security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Note that we are skipping version 2.6.4 and jumping from 2.6.3 to 2.6.5 to avoid confusion with a fake 2.6.4 release that made the rounds. There is not and never will be a version 2.6.4.

5 files have been changed:

  1. /wp-admin/users.php
  2. /wp-includes/feed.php
  3. /wp-includes/post.php
  4. /wp-includes/version.php
  5. xmlrpc.php

You can just download this 5 files and upload it to your server

1 Star2 Stars3 Stars4 Stars5 Stars (29 votes, average: 3.52 out of 5)

WordPress 2.6.3

WordPress 2.6.3 is out, it fixes a Snoopy class vulnerability.

A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately. 2.6.3 is available for download right now. If you don’t want to download the whole release to get the security fix, you can download the following two files and copy them over your 2.6.2 installation.

Replace these 2 files:

  1. wp-includes/class-snoopy.php
  2. wp-includes/version.php

Download full version:

1 Star2 Stars3 Stars4 Stars5 Stars (42 votes, average: 3.86 out of 5)

WordPress 2.6.2

WordPress 2.6.2 has been released.

Stefan Esser recently warned developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). With his help we worked around these problems and are now releasing WordPress 2.6.2. If you allow open registration on your blog, you should definitely upgrade. With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password. Stefan Esser will release details of the complete attack shortly. The attack is difficult to accomplish, but its mere possibility means we recommend upgrading to 2.6.2.

Here is a list of bugs fixed:

  • Can’t control where a user redirects to when they log in
  • Bug in textpattern import
  • include mysql version in version check query string
  • RSS widget shouldn’t link if there isn’t a link
  • get_post_meta fails to unserialize when $single=false
  • typing error in wp-settings.php
  • comment_max_links causes confusion when zero
  • get_posts not working properly
  • Insert image into post always inserts full size
  • Filter news on templates cant work
  • Typo in post revisions

Here is a list of changed files:

  • wp-login.php
  • wp-settings.php
  • /wp-includes/formatting.php
  • /wp-includes/pluggable.php
  • /wp-includes/post.php
  • /wp-includes/query.php
  • /wp-includes/version.php
  • /wp-includes/widgets.php
  • /wp-admin/css/press-this-ie.css
  • /wp-admin/import/textpattern.php
  • /wp-admin/includes/image.php
  • /wp-admin/includes/template.php

Download WordPress 2.6.2

1 Star2 Stars3 Stars4 Stars5 Stars (78 votes, average: 3.63 out of 5)

WordPress 2.6.1

WordPress 2.6.1 has been released and it is a very minor release. Not security flaws has been found and hence WordPress 2.6.1 is not a security fix so if you are comfortable with WordPress 2.6 like me, you don’t have to upgrade.

2.6.1 offers several improvements for international users. Styling of the admin for right-to-left languages is much improved thanks to the efforts of the Farsi and Hebrew translation teams, and a mysterious gettext bug caused by certain PHP configurations is now fixed. For IIS users, 2.6.1 fixes several permalink problems. Image insertion problems in the Press This feature experienced by IE users are also fixed. Of note to everyone is a fix for a performance bug in the admin where those with a lot of plugins would experience slowness on some pages.

I am so looking forward to WordPress 2.7 as lots of features which are available as plugin will be built into the core.

Download WordPress 2.6.1

*UPDATE* I decided to upgrade to stopped the nagging upgrading message to appear.

1 Star2 Stars3 Stars4 Stars5 Stars (202 votes, average: 3.82 out of 5)

Lester Chan’s WordPress Plugins July 2008 Update

Here is my July 2008 WordPress plugins update containing all my 15 WordPress plugins. All of them should work on WordPress 2.5 as well as WordPress 2.6. It is not tested for any version below that.

In general, most of the updates are bug fixes. These updates in theory should be able to work till WordPress 2.7 when it comes out end of this year.

My new semester will begin on 2nd week August 2008, and hence I will be busy with my school work. So no updates to my plugins will be out till the end of this year unless it is a critical bug or a security issue.

Be sure to read the readme.html and checkout the changelog for more information and most importantly NOTE THE TABS AT THE TOP

WP-Ban 1.31
» Readme/Changelog
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-DBManager 2.31
» Readme/Changelog
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-DownloadManager 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-EMail 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PageNavi 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PluginsUsed 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Polls 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PostRatings 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-PostViews 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Print 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-RelativeDate 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-ServerInfo 1.31
» Readme/Changelog
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Sticky 1.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Stats 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

WP-Useronline 2.31
» Readme/Changelog
» Demo
» Download Mirror #1
» Download Mirror #2
» Support Forum

If you like or love my plugins a lot, do consider making a donation to me. My Paypal email address is lesterchan AT gmail DOT com. Thank you =D

1 Star2 Stars3 Stars4 Stars5 Stars (84 votes, average: 4.19 out of 5)