Ironically, the 2.1.1 security and bug-fix release of WordPress included malicious code that allows anyone to execute PHP code on your server. If you’ve upgraded WordPress during the last 3-5 days, it’s highly recommended that you upgrade to WordPress 2.1.2 immediately.
From the official announcement:
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
Well, time to upgrade…
Related Posts
- Wordpress 2.1 “Ella”
- How To: Make Search Engines Like Your WordPress Blog
- WordPress 2.1 and Ultimate Tag Warrior
- Ubuntu 6.10 Edgy Eft Released!
- Google can be Used to Compromise Insecure Sites
- WordPress 2.0.6
- Ubuntu PLF Back as Medibuntu
- WordPress Plugin Directory Gets a Facelift
- WordPress Plugins a Site Wouldn’t Function Without
- How To: Remove ‘www.’ Permanently With .htaccess
Home > About This Post
This entry was posted by Patrick Mylund Nielsen on Saturday, March 3rd, 2007, at 3:28 pm, and was filed in the News, Software, Internet categories with the tag(s) security, WordPress.
Subscribe to the
RSS 2.0 feed for all comments to this post.
You can submit this post to del.icio.us, Digg, Furl, Google, Ma.gnolia, Newsvine, Reddit, Rojo, or Yahoo.
This article is also available in Arabic, Chinese Simplified, Chinese Traditional, French, German, Italian, Japanese, Korean, Portuguese, Russian, and Spanish.
Post a Comment