An update to the WordPress platform, version 2.8.2, was issued earlier today that addresses a security issue known as XSS or cross-site scripting.
It’s an unexpected update, given that version 2.8.1 was released less than two weeks ago. But good to see that the community involved in WordPress development is on the case and with a quick fix.
The announcement post says this about the issue:
WordPress 2.8.2 fixes an XSS vulnerability. Comment author URLs were not fully sanitized when displayed in the admin. This could be exploited to redirect you away from the admin to another site. Download 2.8.2 or automatically upgrade from the Tools->Upgrade page of your blog’s admin.
I’m updating and I recommend you do, too, if you run WordPress.