Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.You'll want to upgrade like right away.
Saturday, September 5, 2009
IMPORTANT: Wordpress Bloggers: upgrade now
A worm is attacking Wordpress blogs prior to version 2.8.3:
Subscribe to:
Post Comments (Atom)
1 comment:
Reason number 321 that Blogger is good enough for me...Seems like I see either "OMG, another Wordpress vulnerability, upgrade immediately" or "I upgraded Wordpress and it ate my blog" every few months.
Post a Comment