Sep 30 2007

Malicious code insertion in WordPress

Published by under Security,Wordpress

I finally got around to upgrade to the latest WordPress (version 2.3) and I think it was highly needed due to that I’ve received unwanted comments posted to the blog from unregistered user.

The vulnerabilities that have been reported in WordPress lets malicious users to conduct script insertion attacks and to conduct SQL injection attacks. Checking the vulnerability it states that it’s been reported in WordPress prior to 2.2.3 and WordPress MU prior to 1.2.5a.

Either there is a new vulnerability available for WordPress or similar vulnerability works as well with version 2.2.3. So if you haven’t upgraded yet, recommendation is to download the latest version as soon as possible.

Kim Haverblad

No comments

Trackback URI | Kommentars RSS

Leave comment