The good folks at WordPress have just released a new security patch for WordPress platform (WP 2.6.3). Here is the deal:
A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.
For those of you who are a bit more technical:
This can be exploited to inject arbitrary shell commands via a script calling the “fetch()” or “submit()” function with an URL controlled by the attacker.
This is a highly critical security item, so you should download yours as soon as possible.