2.8.6 solutions 2 protection troubles that can be manipulated by signed up, visited customers that have uploading advantages. If you have untrusted writers on your blog site, updating to 2.8.6 is suggested.
The very first issue is an XSS susceptability in Press This found by Benjamin Flesch. The 2nd issue, found by Dawid Golunski, is a problem with sterilizing uploaded data names that can be manipulated in particular Apache setups. Many thanks to Benjamin and also Dawid for searching for and also reporting these.