WordPress < 2.8.6 Arbitrary File Upload Vulnerability


"WordPress is prone to a vulnerability that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and
run it in the context of the webserver process. This may facilitate
unauthorized access or privilege escalation; other attacks are also

Wordpress 2.8.5 and earlier are vulnerable. It is recommended to
upgrade to Wordpress 2.8.6 to avoid exploitation.