Sep 30 2007
Malicious code insertion in WordPress
I finally got around to upgrading to the latest WordPress (version 2.3), and I think it was highly needed because I’ve received unwanted comments posted to the blog from an unregistered user.
The vulnerabilities that have been reported in WordPress let malicious users conduct script insertion attacks and SQL injection attacks. The vulnerability report states that it has been reported in WordPress prior to 2.2.3 and WordPress MU prior to 1.2.5a.
Either there is a new vulnerability in WordPress, or a similar vulnerability works with version 2.2.3 as well. So if you haven’t upgraded yet, the recommendation is to download the latest version as soon as possible.
Kim Haverblad