Comments on: Serious Wordpress Vulnerability Issue

By: massmaconline

massmaconline — Thu, 17 Jun 2010 19:49:31 +0000

Apple Update potentially gives older Flash Player plugin: http://bit.ly/9RZY4M Get latest version of Flash update: http://bit.ly/aCzfgT

By: carolinadreamz

carolinadreamz — Mon, 24 May 2010 23:50:31 +0000

Okay friends, I need some help. I’ve been told I’m running a “vulnerable version or Wordpress” and to update the software.

By: ThemeZip

ThemeZip — Tue, 02 Feb 2010 11:58:04 +0000

How to Check the Update Status of Your WordPress Plugins …: WordPress Plugins are especially vulnerable as many … http://bit.ly/9V0yR0

By: brandi

brandi — Wed, 21 Oct 2009 18:27:54 +0000

I want to thank you for this great article. It very appreciated for answering our questions about wordpress.
steroids

By: Riezky

Riezky — Wed, 21 Oct 2009 10:57:36 +0000

In version 2.8.5 that issue is fixed.

By: DR

DR — Mon, 05 Oct 2009 21:41:29 +0000

”Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.” Source: Wordpress.org

By: Marc @ WebsiteForensics

Marc @ WebsiteForensics — Sun, 06 Sep 2009 10:53:51 +0000

A firsthand experience : " Numerous times yesterday I noticed via my web analytics spy that your beloved ReynoldsFTW category pages were being hit by this so-called worm via the strange URL above in (1). Which goes to show it’s pretty prevalent out there! This is not a drill! "

By: Marc @ WebsiteForensics

Marc @ WebsiteForensics — Sun, 06 Sep 2009 10:52:24 +0000

"Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts." Source: Wordpress.org