A WordPress HTML Exploit discovered, please patch it now!
SecurityFocus has published information regarding a WordPress HTML injection vulnerability which may allow attackers to inject PHP code straight into your WordPress blog.
This can let attackers do nasty things such as deleting your posts, defacing your blog, dropping all of your posts (read: delete all your posts!) and other dangerous attacks. This particular vulnerability affects all WordPress releases from 1.2.1 to 2.0.5; WordPress 2.0.6 (currently in RC2) is not affected by this vulnerability.
WordPress bloggers are advised to apply the patch released by the WordPress team in order to secure their blogs from malicious users.
Applying the patch is simple: download the zip archive from WordPress Trac, unzip it and upload the wp-admin folder to your WordPress host, overwriting the old template.php file.
Thanks to Faizi for blogging about this.
[Source]
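To find which installs on a host still need the patch, the following added example (not from the original post or from the WordPress project) reads each install's version and compares it with the affected range given above. It assumes the version is stored as `$wp_version` in `wp-includes/version.php`; the function names and the sample file contents are made up for illustration.

```python
import re
import sys
from pathlib import Path

# Affected range as stated in the post: 1.2.1 through 2.0.5, inclusive.
AFFECTED_MIN = (1, 2, 1)
AFFECTED_MAX = (2, 0, 5)

# Constructed sample of a version.php file (not copied from a real release).
SAMPLE_VERSION_PHP = "<?php\n// constructed sample\n$wp_version = '2.0.5';\n?>\n"

VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

def read_wp_version(php_source):
    """Return the $wp_version string found in version.php contents, or None."""
    m = VERSION_RE.search(php_source)
    return m.group(1) if m else None

def parse_version(version):
    """'2.0.6-RC2' -> (2, 0, 6); '1.5' -> (1, 5, 0). Suffixes are dropped."""
    m = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    """True when the version falls inside the range named in the post."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def check_install(wp_root):
    """Return (version, affected) for a WordPress tree, or (None, None)."""
    path = Path(wp_root) / "wp-includes" / "version.php"
    if not path.is_file():
        return None, None
    version = read_wp_version(path.read_text(errors="replace"))
    if version is None:
        return None, None
    return version, is_affected(version)

if __name__ == "__main__":
    # Usage: python check_wp.py /path/to/blog1 /path/to/blog2
    for root in sys.argv[1:]:
        version, affected = check_install(root)
        if version is None:
            print(f"{root}: no readable wp-includes/version.php")
        elif affected:
            print(f"{root}: {version} is in the affected range; confirm the patched template.php is in place")
        else:
            print(f"{root}: {version} is outside the affected range")
```

Overwriting template.php does not change the reported version, so a patched 2.0.5 install is still listed as in range and has to be confirmed by checking the file itself.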
Tags: wordpress, open source, blogger, blogs, blogging, blog, security, exploits
January 2nd, 2007 at 10:09 pm
village-idiot.org — wordpress 2.0.5 vulnerability http://www.village-idiot.org/archives/2007/01/02/wordpress-205-vulnerability/
A Wordpress HTML Exploit discovered, please patch it now! : mypapit gnu/linux blog http://blog.mypapit.net/2007/01/a-wordpress-html-exploit-discovered-please-patch-it-now.html
WordPress “file” Script Insertion Vulnerability - Advisories - Secunia http://secunia.com/advisories/23587/
Changeset 4665 - WordPress Trac - Trac http://trac.wordpress.org/changeset/4665
And don't forget to keep an eye on this one
January 3rd, 2007 at 8:24 pm
Thanks for the info papit. I’ve applied the patch.
October 6th, 2007 at 12:55 am
[...] this means is… if you haven't …www.linickx.com/archives/279/ wordpress-exploit-on-milw0rmA Wordpress HTML Exploit discovered, please patch it now …village-idiot.org — wordpress 2.0.5 vulnerability http://www.village-idiot. [...]