WordPress released the latest version (2.6.2) of its blogging software on Monday and is encouraging users to upgrade immediately. According to Lorelle VanFossen:

This mandatory security upgrade adds protection for a SQL Column Truncation and other security and bug fixes. There is a full changeset and list of changed files to help you find the differences, and a specific changeset for downloading will be available soon.

The vulnerability impacts all PHP applications, not just WordPress, specifically open registration on WordPress blogs. Boren says the attack is difficult to accomplish, but WordPress would rather be safer than sorrier if this is manipulated in the future. If you allow open registration on your WordPress blog, upgrade immediately and follow the instructions in the announcement.