
Looks like another security fix has been rolled out by WordPress.
The latest stable version now stands at v2.8.6.
I’ve yet to upgrade, as the current issue is more about blogs that have registered, logged-in users, like portals, while my blogs are authored solely by me.
Still, here’s the link to upgrade
via WP
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.
The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch. The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.