A Wordpress HTML Exploit discovered, please patch it now!
|
|
Security focus has published information regarding Wordpress HTML Injection Vulnerability which may allow attackers to inject PHP code straight into your Wordpress blog.
This can lead the attackers do nasty things such as deleting your post, defacing your blog, dropping your entire post (read: delete all your post !) and other dangerous attack. This particular vulnerability affects all Wordpress release from 1.2.1 to 2.0.5, Wordpress 2.0.6 (currently in RC2) is not affected by this vulnerability.
Wordpress bloggers are advised to apply patch released from Wordpress team in order to secure their blog from malicious users.
Applying the patch is simple, all you need to do is download the zip archive from Wordpress Trac, unzip it and upload wp-admin folder to your Wordpress host, overwriting the old template.php file.
Thanks to Faizi for blogging about this.
[Source]
Tags: wordpress, open source, blogger, blogs, blogging, blog, security, exploits
Keep updated with this website! : Subscribe to your email
WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.
January 2nd, 2007 at 10:09 pm
village-idiot.org — wordpress 2.0.5 vulnerability http://www.village-idiot.org/archives/2007/01/02/wordpress-205-vulnerability/ A Wordpress HTML Exploit discovered, please patch it now! : mypapit gnu/linux blog http://blog.mypapit.net/2007/01/a-wordpress-html-exploit-discovered-please-patch-it-now.html WordPress “file” Script Insertion Vulnerability – Advisories – Secunia http://secunia.com/advisories/23587/ Changeset 4665 – WordPress Trac – Trac http://trac.wordpress.org/changeset/4665 Et n’oublez pas de surveiller celui-ci
January 2nd, 2007 at 1:06 pm
into your Wordpress blog. This can lead the attackers do nasty things such as deleting your post, defacing your blog, dropping your entire post (read: delete all your post !) and other dangerous attack. This particular vulnerability … 1 pong [IMG Direct link]
January 3rd, 2007 at 8:24 pm
Thanks for the info papit. I’ve applied the patch.
October 6th, 2007 at 12:55 am
[...] this means is… if you haven't …www.linickx.com/archives/279/ wordpress-exploit-on-milw0rmA Wordpress HTML Exploit discovered, please patch it now …village-idiot.org — wordpress 2.0.5 vulnerability http://www.village-idiot. [...]
April 18th, 2009 at 2:56 am
I used google translate to understand, because my English so bad. I think this great article. Thank for sharing.
September 7th, 2009 at 2:53 am
[...] [1] http://blog.mypapit.net/2007/01/a-wordpress-html-exploit-discovered-please-patch-it-now.html [...]
October 5th, 2009 at 2:44 am
[...] publicadas desde uma simples manutenção de html, que pode gerar o “defacing” do blog ou a delação de posts a falhas que permitem a exploração por “spam link injection” principalmente em códigos [...]
October 6th, 2009 at 12:37 am
[...] publicadas desde uma simples manutenção de html, que pode gerar o “defacing” do blog ou a delação de posts a falhas que permitem a exploração por “spam link injection” principalmente em códigos [...]
October 8th, 2009 at 7:11 pm
[...] publicadas desde uma simples manutenção de html, que pode gerar o “defacing” do blog ou a delação de postsa falhas que permitem a exploração por “spam link injection” principalmente em códigos [...]