WordPress Security Alert! March 6, 2007

Posted by jhlim in blog, breach, cracker, hacker, security, software, spyware.

Reminder: if you’re using the WordPress 2.1.1 software as your blogging tool, upgrade it soon. Apparently, a cracker managed to access the WordPress servers and modify one of the download files.

WordPress Code Subverted on Its Own Server (eWeek)
March 3, 2007 7:41 PM

http://fly2.ws/wordpress-security-bug

Users who have downloaded the 2.1.1 version of the open-source blogging platform WordPress should upgrade all files to 2.1.2 immediately, since they could include a security bug injected by a cracker who gained user-level access to one of the servers that powers wordpress.org, according to a release posted on WordPress’ site on Friday.

WordPress received a note on the project’s security mailing address Friday morning regarding “highly exploitable code,” the release said. After investigating the issue, the WordPress developers found that the 2.1.1 download had been modified from its original site. The Web site was taken down immediately for further forensic analysis.

“It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file,” the release continued. “We have locked down that server for further forensics.”

At this point it looks like the 2.1.1 download was the only thing affected by the attack. The attacker(s) modified two files to include code that would allow for remote PHP execution.

Read the rest of the article here… http://fly2.ws/wordpress-security-bug
