Welcome back!

WordPress has released a critical update today. Quoting their official blog -

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

2.6.5 contains three other small fixes in addition to the XSS fix. The first prevents accidentally saving post meta information to a revision. The second prevents XML-RPC from fetching incorrect post types. The third adds some user ID sanitization during bulk delete requests. For a list of changed files, consult the full changeset between 2.6.3 and 2.6.5.

Upgrading to WordPress 2.6.5 is very easy. Since there is no database upgrade from the previous WordPress version, all you have to do is download the five files linked below and upload them into the respective folders on your server.

1. /wp-admin/users.php
2. /wp-includes/feed.php
3. /wp-includes/post.php
4. /wp-includes/version.php
5. xmlrpc.php

Hope you had no problem upgrading your WordPress installation to the latest version!