Word of caution for WordPress 2.1.1 users

Posted on March 3, 2007

WordPress, the popular blog publishing software, is the latest to fall victim to a security problem. The problem only affects those who upgraded to 2.1.1 over the last week. The software has been corrected in the latest 2.1.2 release, and an upgrade should alleviate the risk tied to a PHP exploit. Most who downloaded in the past are probably fine, and the server exploit access point has been secured, but all users should review their version and upgrade to WordPress 2.1.2. (Versions prior to 2.1.1 ‘should’ be OK.)

According to Matthew Mullenweg at WordPress.org, “it was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.”
