WordPress 2.8.2 Fixes XSS Vulnerability

by Ben Cook on July 20, 2009

WordPress released version 2.8.2 this morning in response to an XSS vulnerability that could redirect bloggers to other websites rather than their WordPress admin panel as expected.

While the handy yellow “it’s time to update” bar hasn’t shown up in my dashboard yet, that doesn’t mean I’m not able to upgrade to the newest version automatically.

Simply look under the Tools heading in your left-hand sidebar and click the Upgrade option.

If you don’t have the newest version of WordPress installed, you should see a screen that looks a lot like this:

[Image: wp-upgrade]

Update Again?!?

There’s been quite a bit of complaining about this update since 2.8.1 came out so recently. And, having a list of over 30 websites that I need to update now, I can understand the frustration.

But before you start claiming WordPress is the bane of your existence, you might want to consider two things.

WordPress is built by the open-source community and is free to use. That means that not only will mistakes be made and vulnerabilities like this missed, but hackers also have access to all of the source code. Just as there are people working on making WordPress better, there are people working to make updates like this necessary.

And, while it can be a bit of a hassle to update all your sites (especially if you have a bunch), it’s MUCH easier than it used to be and is DEFINITELY easier and less time-consuming than fixing your site after having been hacked.

Could WordPress do a better job of finding and fixing security issues before doing major releases? Absolutely, but hopefully the community will learn as we go and make those adjustments along the way.

Image Source: evaekeblad
