I was reading Reaper-X’s blog yesterday when I came across the post about the latest WordPress vulnerability. Naturally, since we use WordPress, my ears perked up.
As it stands, here is a description of the problem from the SecurityFocus web site:
“Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.”
Shout out to Reaper-X for bringing this to our attention. We fixed our blog code last night after reading the post :). Today, I noticed that Secunia has also posted on it.
If you use WordPress, here is a link to the official fix that will show you what to change in the code of your templates.php file.