WordPress 2.6.5 has been released, and it is advisable to upgrade because this release fixes one security problem and three bugs. The security issue, discovered by Jeremias Reith, is an XSS exploit. Fortunately, it only affects installations running on Apache 2.x configured with IP-based virtual servers. If you just want the security fix, you can copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.
However, this version includes 3 other small fixes in addition to the XSS fix. The fixes are:
- prevents accidentally saving post meta information to a revision
- prevents XML-RPC from fetching incorrect post types
- adds some user ID sanitization during bulk delete requests
You can also read the full changeset between 2.6.3 and 2.6.5 to see what was fixed since the previous version. So, do upgrade your WordPress to avoid the exploit. Lastly, I upgraded mine before this post.