Tuesday, January 2nd, 2007, 1:47 pm
WordPress Vulnerability
I was reading Reaper-X’s blog yesterday when I came across the post about the latest WordPress vulnerability. Naturally, since we use WordPress, my ears perked up.
As it stands, here is a description of the problem from the SecurityFocus web site:
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Shout out to Reaper-X for bringing this to our attention. We fixed our blog code last night after reading the post :). Today, I noticed that Secunia has also posted on it.
If you use WordPress, here is a link to the official fix that will show you what to change in the code of your templates.php file.
EDIT: Madhur pointed out that WordPress has not verified this vulnerability. So, keep that in mind when considering the fix (Thanks, Madhur ;)).
3 Comments
January 2nd, 2007 at 2:53 pm
Hi man … officially this has not been confirmed by WordPress … so better wait for them to confirm ..
January 2nd, 2007 at 3:01 pm
I agree, but Secunia is usually on top of things and I figured it was better to give everyone a “heads-up” since it is potentially a serious flaw.
But you are absolutely right, it is best to wait for confirmation :). I am going to edit the post to mention that. Thanks :).
January 23rd, 2007 at 2:41 pm
Hi! Why I can’t fill my info in profile? Can somebody help me?
My login is Kisakookoo!