Vulnerability Found in WordPress
Published by Sunny on January 2nd, 2007 in Internet, News - Views, Security
A XSS vulnerability has been in found in wp-admin/template.php which could allow malicious web users to inject arbitary web scripts or HTML code through the file parameter.
This exploit could allow remote attackers to do nasty things by injecting php or html codes into your wordpress core files.
Vulnerable versions of Wordpress:
- Wordpress (B2) 0.6.2 .1
- Wordpress (B2) 0.6.2
- WordPress 2.0.5
- WordPress 2.0.4
- WordPress 2.0.3
- WordPress 2.0.2
- WordPress 2.0.1
- WordPress 2.0
- WordPress 1.5.2
- WordPress 1.5.1 .3
- WordPress 1.5.1 .2
- WordPress 1.5.1
- WordPress 1.5
- WordPress 1.2.2
- WordPress 1.2.1
- WordPress 1.2
- WordPress 0.71
- WordPress 0.7
Only the latest WordPress WordPress 2.0.6 is not vulnerable to this.
To go about patching the vulnerability, you will need to download the patched templates.php and then replace it with your exiting wp-admin/templates.php file.
To learn more about this vulnerability, visit Operation N or Security Focus.
Report via Tech-Buzz.
Popularity: 7% [?]
Sphere: Related Content
Spread the word: 
Sphere: Related Content
Help Yourself: 
comments
posts
trackback
Sphere: Related Content
Help Yourself: comments
posts
trackback
January 20th, 2007 at 9:55 pm
Nice post.
Would you like to exchange links in blogroll ?