WordPress 2.6.2 Released

Published On September 9, 2008

If you allow open registration for your blog readers, consider upgrading to the latest version of WordPress, 2.6.2. This release fixes some vulnerabilities that attackers can exploit.

Here is what the WordPress blog says about this exploit:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
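The point of the quoted advisory, that a randomly generated password is only as unpredictable as the seed behind it, shown as an added example (not WordPress code and not part of the original post). Python's random.Random is a Mersenne Twister like PHP's mt_rand(), but the seeding, the alphabet, the password length and the 16-bit seed size are assumptions chosen for illustration.

```python
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # constructed alphabet, 62 symbols
LENGTH = 12                                      # assumed password length


def weak_password(seed: int, length: int = LENGTH) -> str:
    """Password drawn from a Mersenne Twister seeded with a small integer."""
    rng = random.Random(seed)  # deterministic: same seed, same password
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length: int = LENGTH) -> str:
    """Password drawn from the OS CSPRNG; there is no seed to enumerate."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def nominal_bits(length: int = LENGTH) -> float:
    """Entropy the password format appears to have."""
    return length * math.log2(len(ALPHABET))


def effective_bits(seed_bits: int) -> float:
    """Entropy actually available: log2 of distinct passwords over all seeds."""
    distinct = {weak_password(seed) for seed in range(2 ** seed_bits)}
    return math.log2(len(distinct))


if __name__ == "__main__":
    seed_bits = 16  # assumed seed size, kept small so the audit runs quickly
    print(f"nominal entropy:   {nominal_bits():.1f} bits")
    print(f"effective entropy: {effective_bits(seed_bits):.1f} bits")
    print(f"CSPRNG sample:     {strong_password()}")
```

The gap between the two figures is the reason to generate reset passwords and tokens from a CSPRNG rather than from a seeded general-purpose generator.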

Other bug fixes include:

  • Images that were always inserted into a post at full size
  • RSS widget linking if there isn’t a link
  • Inability to control where a user redirects to when they log in
  • Include mysql version in version check query string

For more information, check out the release post.

If you are already using WordPress 2.6.1, you can save time by just downloading a zip archive of 12 files that you have to replace in order to upgrade to 2.6.2. Go here and scroll right down to the bottom of the page and click on “Zip Archives”.

Download WordPress 2.6.2
Upgrade Instructions

12 replies on “WordPress 2.6.2 Released”

chrisitan louboutin

certainly like your website but you need to check the spelling on quite a few of your posts. Many of them are rife with spelling issues and I find it very bothersome to tell the truth nevertheless I’ll surely come back again.

Suzan

Yeah well, I noticed that and I was like “Oh no! Not again!”
Really, this is a pain in the butt for a wordpress newb like me to stay up with frequent updates. Oh well .. sigh.

KrAzy Che3To

Something in my wordpress seems to always break with another upgrade.. so I’m not updating this to this one quite yet on my main site.

Knox

hey there thanks for the update! anyway i’ve upgraded to wordpress 2.6.2 and this is a necessary upgrade if you allow open registrations. for those who don’t i guess you just wait for the upcoming versions. 🙂

rock

Thanks man for the info. There’s always another angle to things like this. The question is should I upgrade? Jai here is just pointing out why you should consider doing it.
