WordPress Is Dangerous! Upgrade Now!
Now that my overly sensationalized title has grabbed your attention, here’s the point:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
For the longer story (I don’t know why you would) click here.
This is what I get for being lazy. This vulnerability was actually discovered and written up on Feb 27, 2007. However, if your host is a little on edge and utilizing mod_security, you’re absolutely fine. Mod_security, if using some moderate security signatures, should detect the %3E and script string within the URI during the attack vector and deliver an error 500.
I was going to write about this two days ago but got tied up with work. But once again, there were five new attack vectors released and all 5 should be harmless if mod_security is included within Apache on your host.
Just FYI
By Justin Shattuck on March 2, 2007 8:58 pm
[...] Wordpress is dangerous, Upgrade now! seems to be a headline that is traveling the blogosphere in reference to the Wordpress 2.1.1 release. According to numerous websites, there are a number of vulnerabilities that are included within the 2.1.1 release and Wordpress.org is notifying their users of a dangerous release and asking everyone to download the new 2.1.2. [...]
By Wordpress Vulnerability, CSRF/XSS Details » Justin Shattuck » Blog Archive on March 2, 2007 9:22 pm