WordPress Is Dangerous! Upgrade Now!
Now that my overly sensationalized title has grabbed your attention, here’s the point:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
For the longer story (I don’t know why you would) click here.






This is what I get for being lazy. This vulnerability was actually discovered and written up on Feb 27, 2007. However, if your host is a little on edge and utilizing mod_security you’re absolutely fine. Mod_security, if using some moderate security signatures, should detect the %3E and script string within the URI during the attack vector and deliver an error 500.
I was going to write about this two days ago but got tied up with work. But once again, there were five new attack vectors released and all 5 should be harmless if mod_security is included within Apache on your host.
Just FYI
By Justin Shattuck on March 2, 2007 8:58 pm
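An added example, not part of the original post or its comments: one way to check an Apache access log for the pattern the comment above describes (an encoded `%3E`/`%3C` together with a `script` string in the URI) and to see which such requests did not receive the error 500. The log lines, paths and function names are constructed for illustration, and it assumes blocked requests are answered with status 500 as the comment says.

```python
import re
from urllib.parse import unquote

# Request and status fields of an Apache common/combined log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# %3C / %3E, including double-encoded forms such as %253E.
ENCODED_BRACKET = re.compile(r"%(?:25)*3[CE]", re.I)
SCRIPT_TAG = re.compile(r"<\s*/?\s*script", re.I)

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def inspect_line(line):
    """Return a verdict dict for a parsable log line, or None."""
    m = REQUEST_RE.search(line)
    if m is None:
        return None
    uri, status = m.group("uri"), int(m.group("status"))
    suspicious = bool(ENCODED_BRACKET.search(uri)) and bool(
        SCRIPT_TAG.search(fully_decode(uri)))
    return {"uri": uri, "status": status, "suspicious": suspicious,
            "blocked": suspicious and status == 500}

def unblocked_hits(lines):
    """Suspicious requests that did NOT get the 500 the comment expects."""
    results = (inspect_line(line) for line in lines)
    return [r["uri"] for r in results
            if r and r["suspicious"] and not r["blocked"]]

# Constructed sample lines (documentation IPs, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2007:20:41:07 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [02/Mar/2007:20:41:09 +0000] "GET /page.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 500 612',
    '192.0.2.44 - - [02/Mar/2007:20:41:12 +0000] "GET /page.php?q=%253Cscript%253E HTTP/1.1" 200 4890',
    '192.0.2.77 - - [02/Mar/2007:20:42:30 +0000] "GET /search.php?q=a%3Eb HTTP/1.1" 200 2301',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect_line(entry))
    print("reached the application:", unblocked_hits(SAMPLE_LOG))
```

Any URI returned by `unblocked_hits` matched the signature but was served normally, which is the case worth reviewing on a host that relies on the filter.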
[...] WordPress is dangerous, Upgrade now! seems to be a headline that is traveling the blogosphere in reference to the WordPress 2.1.1 release. According to numerous websites, there are a number of vulnerabilities that are included within the 2.1.1 release and WordPress.org is notifying their users of a dangerous release and asking everyone to download the new 2.1.2. [...]
By Wordpress Vulnerability, CSRF/XSS Details » Justin Shattuck » Blog Archive on March 2, 2007 9:22 pm