WordPress blog software has been upgraded to version 2.8.5 to backport a number of security hardening changes to make WordPress-powered blogs more secure. A fix for the Trackback Denial-of-Service attack that is currently being seen. Switched the file upload functionality to be whitelisted for all users including Admins. The changes have been made to remove areas within the code where PHP code in variables was evaluated. The new version of WordPress is now being pushed out.
Source: https://threatpost.com/wordpress-zaps-security-bugs-hardening-release-102109/72495/