Wordpress 2.8.6 Update

When writing informative information regarding updates to Wordpress it’s always worries me that people will get the wrong idea about Wordpress. Although the program does go through a lot of minor updates this should instill further confidence in people that the core Wordpress team (and the many contributors) care about their product. I have yet to see an organisation that reacts so swiftly to possible security threats.

The latest of these threats comes from within the community that uses your blog (registered users), if you feel that you have contributors to your site that may be a little shady then this update is for you. If however you are the sole contributor to your Blog/Website then this will not affect you.

The recently found exploit allows users who are able to upload images, Video’s etc to inject and execute arbitrary PHP code on the hosting server. In laymen’s terms this means that someone could upload a PHP piece of code disguised as an image. The images is disguised by altering its file name in the following way BadPHP.php.jpg leaving Wordpress to assume that you added an image, however when the file is called (for example as part of a post) the PHP code is allowed to run.

Thankfully as usual the Wordpress 2.8.6 update will resolve this issue.