So this is an interesting announcement due to the discussion points it brings up about responsible disclosure, it seems like in this case a researcher published his findings about a WordPress critical zero-day vulnerability without informing WordPress before hand. And they got it fixed REAL quickly, where as in a previous (pretty similar) case – […]
wordpress-exploit
Critical XSS Flaw Affects WordPress 3.9.2 And Earlier
So it’s been a while since we’ve talked about any flaws in WordPress – because usually they are pretty dull and require such an obscure set of circumstances, that they are unlikely to ever occur in the wild. The most recent time was this year actually, but was a DoS attack, which is not THAT […]
WordPress 2.8.3 Admin Reset Exploit
Ah it’s WordPress again, sometimes I wonder how many holes there are in WordPress. I guess a dedicated attacker could find some serious ones with the complexity of the code base. It’s suspected some of the recent high profile breaches have come from WordPress exploits. The latest one to become public is a simple but […]
WordPress Download Server Compromised (2.1.1) – Get 2.1.2 NOW!
[ad] Some sneaky hacker got into the WordPress download server and placed a backdoor in the latest available version (2.1.1). Luckily within a day someone reported the exploit to the WordPress team and they took the site down to investigate. This morning we received a note to our security mailing address about unusual and highly […]
WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6
[ad] Recently a bug in certain versions of PHP came to the attention of the WordPress developers, this bug could cause a security vulnerability in your any blogs running version 2.0.6 or below blog. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, […]