A WordPress HTML Exploit discovered, please patch it now!

 

SecurityFocus has published information regarding a WordPress HTML injection vulnerability which may allow attackers to inject PHP code straight into your WordPress blog.

This can let attackers do nasty things such as deleting your posts, defacing your blog, dropping all of your posts (read: deleting every post!) and other dangerous attacks. This particular vulnerability affects all WordPress releases from 1.2.1 to 2.0.5; WordPress 2.0.6 (currently in RC2) is not affected by this vulnerability.

WordPress bloggers are advised to apply the patch released by the WordPress team in order to secure their blogs from malicious users.

Applying the patch is simple: download the zip archive from WordPress Trac, unzip it and upload the wp-admin folder to your WordPress host, overwriting the old template.php file.
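To find which installs on a host fall inside the affected range given above, here is a small scanner, added as an example (it is not from the original post or from the WordPress project). It assumes the version is stored in wp-includes/version.php as a `$wp_version = '...';` assignment; the function names are made up for this example.

```python
import re
import sys
from pathlib import Path

# Affected range as stated in the post: 1.2.1 through 2.0.5, inclusive.
FIRST_AFFECTED = (1, 2, 1)
LAST_AFFECTED = (2, 0, 5)

# Assumption: the version is assigned as  $wp_version = '2.0.5';
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_wp_version(php_source):
    """Return the version as a 3-tuple of ints, or None if it is not found.

    Suffixes such as '-RC2' are ignored, so '2.0.6-RC2' becomes (2, 0, 6).
    """
    m = _VERSION_RE.search(php_source)
    if not m:
        return None
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # pad '2.0' to (2, 0, 0)


def is_affected(version):
    """True only when a parsed version lies inside the stated range."""
    return version is not None and FIRST_AFFECTED <= version <= LAST_AFFECTED


def scan(root):
    """Yield (install_dir, version, affected) for each install under root."""
    for vf in sorted(Path(root).rglob("wp-includes/version.php")):
        version = parse_wp_version(vf.read_text(errors="replace"))
        yield vf.parent.parent, version, is_affected(version)


if __name__ == "__main__":
    for path, version, bad in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        if version is None:
            print(f"{path}: version not found, check manually")
        else:
            label = ".".join(map(str, version))
            print(f"{path}: {label} -> {'AFFECTED' if bad else 'not in range'}")
```

Overwriting template.php alone does not change the version string, so an install reported as affected may already be patched; treat a hit as a prompt to confirm that the file was replaced.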

Thanks to Faizi for blogging about this.

[Source]


4 smashing comments for this post.

  1. ping.sg :: The Community Meta Blog for Singapore Bloggers Said:

    into your Wordpress blog. This can lead the attackers do nasty things such as deleting your post, defacing your blog, dropping your entire post (read: delete all your post !) and other dangerous attack. This particular vulnerability …

  2. Infobulles.ch - Cours d'informatique - Formation informatique - Création et hébergement de site web - Genève - Suisse Said:

    village-idiot.org — wordpress 2.0.5 vulnerability http://www.village-idiot.org/archives/2007/01/02/wordpress-205-vulnerability/ A Wordpress HTML Exploit discovered, please patch it now! : mypapit gnu/linux blog http://blog.mypapit.net/2007/01/a-wordpress-html-exploit-discovered-please-patch-it-now.html WordPress “file” Script Insertion Vulnerability - Advisories - Secunia http://secunia.com/advisories/23587/ Changeset 4665 - WordPress Trac - Trac http://trac.wordpress.org/changeset/4665 And don't forget to keep an eye on this one

  3. 1kHz Said:

    Thanks for the info papit. I’ve applied the patch.

  4. wordpress exploit: Web Search Results from Answers.com Said:

    [...] this means is… if you haven't …www.linickx.com/archives/279/ wordpress-exploit-on-milw0rmA Wordpress HTML Exploit discovered, please patch it now …village-idiot.org — wordpress 2.0.5 vulnerability http://www.village-idiot. [...]
