Oct 31 2007
Well, it’s time to update your WordPress installation to the latest release (2.3.1) if you haven’t done so yet. Janek Vind has posted a less critical cross-site scripting vulnerability that applies to versions <2.3.0.
Input passed to the “posts_columns” parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user, so it can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of the affected site.
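An added illustration of the bug class described above, not code from WordPress or from the advisory: it contrasts echoing a request-supplied column array as markup with an allowlisted, output-encoded version. The function names, the allowlist and the sample input are assumptions made for the example.

```php
<?php
// Hypothetical sketch of the bug class; this is not the code of
// wp-admin/edit-post-rows.php and not the fix shipped by WordPress.

// Column keys the table is allowed to show (assumed allowlist).
const ALLOWED_COLUMNS = ['id', 'date', 'title', 'author'];

// Vulnerable pattern: request-controlled labels are emitted as markup.
function render_header_unsafe(array $columns): string
{
    $html = '<tr>';
    foreach ($columns as $label) {
        $html .= '<th>' . $label . '</th>';
    }
    return $html . '</tr>';
}

// Hardened pattern: skip unknown keys and non-string values,
// then HTML-encode every label at the point of output.
function render_header_safe(array $columns): string
{
    $html = '<tr>';
    foreach ($columns as $key => $label) {
        if (!in_array($key, ALLOWED_COLUMNS, true) || !is_string($label)) {
            continue;
        }
        $html .= '<th>' . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . '</th>';
    }
    return $html . '</tr>';
}

// Constructed input standing in for a request-supplied posts_columns array.
$input = [
    'title' => 'Title <em>x</em>', // markup inside an allowed column
    'bogus' => 'y',                // key outside the allowlist
    'date'  => ['nested'],         // non-string value
];

// Unsafe: the <em> element reaches the page as live markup.
echo render_header_unsafe(['Title <em>x</em>']), "\n";

// Safe: only "title" survives, with its markup encoded as text.
echo render_header_safe($input), "\n";
```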
If you want to speed up the upgrade of WordPress, I also suggest that you take a look at WordPress Automatic Upgrade, which takes care of the upgrade for you. It allows a user to automatically upgrade the WordPress installation to the latest version provided by wordpress.org, using the 5 steps provided in the WordPress upgrade instructions.