WordPress 2.6.5 Security Upgrade

The WordPress team announced a security upgrade to 2.6.5 that fixes an exploit only affects IP-based virtual servers running on Apache 2.x.  Fortuanately, for Blogs About clients, this only affects our clients on only one of our servers.  If you are hosted on our Kiwi server (IP 76.74.159.114), and are running WordPress on your account, you will want to upgrade to WordPress 2.6.5.  Our Kiwi server is running Apache 2.2.9.  ( The IP of the server you are on is listed in your account CPanel, in the left menu – if is 76.74.159.114 – you’re on Kiwi)

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Get the WordPress 2.6.5 files from the official WordPress site.