Dev team has released an urgent security release WordPress 2.6.2 in response to Stefan Esser’s recently warning to developers of the dangers of SQL Column Truncation and the weakness of mt_rand(). The attack is complex and is dependent on open registration being turned on in your blog, but can be executed in theory and turns out to be more of an annoyance than an actual exploit. A handful of bug fixes are also included in this upgrade. Check out the full changeset and list of changed files.

Download