While we are still waiting the release of Wordpress 2.7, we may need to upgrade our Wordpress to version 2.6.5 immediately, as there are some security issues in version 2.6.3.

According to Wordpress blog,

The security issue is an XSS exploit discovered by Jeremias Reith that fortunately only affects IP-based virtual servers running on Apache 2.x. If you are interested only in the security fix, copy wp-includes/feed.php and wp-includes/version.php from the 2.6.5 release package.

You may choose to download the complete Wordpress 2.6.5 package or download the individual files and the replace with your current 2.6.3 installation:

• wp-includes/post.php
• wp-includes/version.php
• wp-includes/feed.php
• wp-admin/users.php
• xmlrpc.php

Although Wordpress 2.7 will be release soon, but the Wordpress team still continue support and fix Wordpress 2.6’s bugs. They just released Wordpress 2.6.3, which fixed the vulnerability found in Snoopy library. The Snoopy library is being used to fetch feed shown in admin dashboard.

According to the Wordopress team, hacker can use this vulnerability to execute shell command and hack your Wordpress server. Anyway, this is just a small fix. Instead of downloading the full package, you may download these two files and upload to your server:

• wp-includes/class-snoopy.php
• wp-includes/version.php