WordPress Is Dangerous! Upgrade Now!
Now that my overly sensationalized title has grabbed your attention, here’s the point:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
For the longer story (I don’t know why you would) click here.

This is what I get for being lazy. This vulnerability was actually discovered and written up on Feb 27, 2007. However, if your host is a little on edge and utilizing mod_security, you’re absolutely fine. Mod_security, if using some moderate security signatures, should detect the %3E and script string within the URI during the attack vector and deliver an error 500.
I was going to write about this two days ago but got tied up with work. But once again, there were five new attack vectors released and all 5 should be harmless if mod_security is included within Apache on your host.
Just FYI
By Justin Shattuck on March 2, 2007 8:58 pm
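An added example, not part of the original comment or of mod_security itself: a small Python scan of web-server access logs for the pattern the comment above describes, an angle bracket (raw or percent-encoded as %3C/%3E, including double encoding) together with the string "script" in the request URI. The log lines, paths and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache common log format; addresses and paths are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Mar/2007:20:01:11 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5120
192.0.2.44 - - [02/Mar/2007:20:03:52 +0000] "GET /example.php?q=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 734
192.0.2.44 - - [02/Mar/2007:20:04:05 +0000] "GET /example.php?q=%253CScRiPt%253E HTTP/1.1" 200 734
192.0.2.71 - - [02/Mar/2007:20:06:30 +0000] "GET /?s=javascript+tutorial HTTP/1.1" 200 9001
192.0.2.71 - - [02/Mar/2007:20:06:41 +0000] "GET /?s=a%3Eb HTTP/1.1" 200 880
"""

# Pull the request URI out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253E) is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def is_suspicious(uri):
    """True when the decoded URI holds an angle bracket and the string 'script'."""
    decoded = fully_decode(uri).lower()
    return ("<" in decoded or ">" in decoded) and "script" in decoded


def scan(log_text):
    """Return (line number, client address, raw URI) for each suspicious request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append((lineno, line.split()[0], match.group(1)))
    return hits


if __name__ == "__main__":
    for lineno, client, uri in scan(SAMPLE_LOG):
        print(f"line {lineno}: {client} requested {uri}")
```

Requiring both conditions keeps ordinary searches such as "javascript tutorial" or a lone `%3E` out of the results.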
[…] Wordpress is dangerous, Upgrade now! seems to be a headline that is traveling the blogosphere in reference to the Wordpress 2.1.1 release. According to numerous websites, there are a number of vulnerabilities that are included within the 2.1.1 release and Wordpress.org is notifying their users of a dangerous release and asking everyone to download the new 2.1.2. […]
By Wordpress Vulnerability, CSRF/XSS Details » Justin Shattuck » Blog Archive on March 2, 2007 9:22 pm
Wanted to compliment on your site, it looks really good.
Hank
By hoodiaweightloss on April 29, 2007 8:35 pm