Code Injection Follow Up

I have released 2 security updates to WP-Polls and WP-PostRatings which basically remove malicious code that allows code injection. The malicious code is as follows: if ($_SERVER['PHP_SELF'] == @links_add_base_url("/", $_SERVER['HTTP_REFERER'])) return; The code itself does nothing, but hackers are spoofing the $_SERVER['HTTP_REFERER'], which allows arbitrary code injection, and note the @ sign which suppresses …
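As an added check for site owners (example code written for this page, not the plugins' own code or the author's): a scanner that walks a plugin directory and reports every .php line carrying the backdoor statement quoted above. It normalises curly quotes and whitespace so a copy that was reformatted or pasted through a word processor is still caught. The two plugin snippets embedded at the bottom are constructed samples, not the real plugin files.

```python
"""Scan WordPress plugin files for the backdoor line that the WP-Polls /
WP-PostRatings updates removed.  Added example, not code from the plugins
or their author.  Assumes the statement appears on one line, modulo quote
style and spacing."""
import re
from pathlib import Path

# Signature built from the statement quoted in the post.  Quote characters
# and whitespace are left flexible so reformatting does not hide a hit.
_SIGNATURE = re.compile(
    r"""\$_SERVER\[\s*['"]PHP_SELF['"]\s*\]\s*==\s*@\s*links_add_base_url"""
    r"""\s*\(\s*['"]/['"]\s*,\s*\$_SERVER\[\s*['"]HTTP_REFERER['"]\s*\]\s*\)"""
)

# Curly quotes (as they appear when the line is copied from a web page)
# are folded to straight quotes before matching.
_QUOTES = str.maketrans({"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"'})


def find_backdoor_lines(source: str):
    """Return a list of (line_number, stripped_line) for each matching line."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if _SIGNATURE.search(line.translate(_QUOTES)):
            hits.append((lineno, line.strip()))
    return hits


def scan_plugin_dir(root):
    """Map relative .php paths under root to their backdoor hits (only files with hits)."""
    root = Path(root)
    results = {}
    for php in root.rglob("*.php"):
        text = php.read_text(encoding="utf-8", errors="replace")
        hits = find_backdoor_lines(text)
        if hits:
            results[str(php.relative_to(root))] = hits
    return results


# Constructed samples: a trimmed "infected" plugin file and a clean one.
INFECTED_SAMPLE = """<?php
/*
Plugin Name: WP-Polls
*/
if ($_SERVER['PHP_SELF'] == @links_add_base_url("/", $_SERVER['HTTP_REFERER'])) return;
function vote_poll() { }
"""

CLEAN_SAMPLE = """<?php
if ($_SERVER['REQUEST_METHOD'] === 'POST') { vote_poll(); }
"""

if __name__ == "__main__":
    import tempfile

    # Write the constructed samples into a throwaway tree and scan it,
    # as you would scan wp-content/plugins on a live install.
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "wp-polls").mkdir()
        (Path(tmp) / "wp-polls" / "wp-polls.php").write_text(INFECTED_SAMPLE)
        (Path(tmp) / "clean.php").write_text(CLEAN_SAMPLE)
        for path, hits in scan_plugin_dir(tmp).items():
            for lineno, line in hits:
                print(f"{path}:{lineno}: {line}")
```

Run it against wp-content/plugins after upgrading; an empty result means the statement is gone from every plugin file, which is what the two updates are meant to achieve. A hit in any other plugin is worth a closer look, since the post only covers WP-Polls and WP-PostRatings.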

WordPress 3.0.3

WordPress 3.0.3 has been released and it is yet another security update. This release fixes issues in the remote publishing interface, which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish, or delete posts. These issues only affect sites that have remote publishing enabled. Remote publishing is disabled by default, but you …

WordPress 3.0.2

WordPress 3.0.2 is out and it is recommended for everyone to upgrade as it is a mandatory security update for all previous WordPress versions. Fixes: Fixed moderate security issue where a malicious Author-level user could gain further access to the site. Remove pingback/trackback blogroll whitelisting feature as it can easily be abused. [Fixed other issues] …

WordPress 3.0

WordPress 3.0 named “Thelonious” has been released. WordPress 3.0, the thirteenth major release of WordPress and the culmination of half a year of work by 218 contributors, is now available for download (or upgrade within your dashboard). Major new features in this release include a sexy new default theme called Twenty Ten. Theme developers have …