WordPress 2.8.6 - Security Updates
Version 2.8.6 fixes two security issues that could be exploited by registered and authorized users with publishing rights. If there are extraneous authors on your blog, we recommend upgrading to 2.8.6 .
The first problem - the XSS -uyazvimost tab " Publish ยป ( Press This ), about which said by Benjamin Flesch . The second was discovered by Dawid Golunski - when processing the names of the downloaded files, there was a flaw that could be used on some Apache configurations .
Download WordPress 2.8.6.
UPD : Already wrote about it here