WordPress 2.8.6 has fixed two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog then you will have to upgrade to 2.8.6 which is recommended.
The problems are as these:
– An XSS vulnerability in Press
– An issue with sanitizing uploaded file names that can be exploited in certain Apache configurations.