Following less than two weeks after the release WordPress 2.8.1, which fixed a potentially serious security vulnerability, a new version has been released to patch another potentially serious security vulnerability. In versions before 2.8.2, comment author URLs were not fully sanitized which could lead to a cross-site scripting (XSS) attack. When viewing a page in the administrative interface that contains a specifically crafted comment author URL the user would be automatically redirected to another web page. That other web page could try to infect the user’s machine with malware or try to perform some other harmful activity.