The security issue is an XSS exploit discovered by Jeremias Reith that affects IP-based virtual servers running on Apache 2.x.
The first fix prevents accidentally saving post meta information to a revision.Â The second prevents XML-RPC from fetching incorrect post types.Â The third adds some user ID sanitization during bulk delete requests.
As usual, I’ve made available an update file to upgrade your WordPress 2.6.3 blog to 2.6.5. The file as per the changeset between 2.6.3 and 2.6.5.
Ajay is an investment banker by profession and a die-hard blogger by passion. He is the owner and chief editor of Techtites. In his free time, he also blogs at AjayDSouza.com, authors a few WordPress plugins and operates Sir Arthur Conan Doyle