Security Exploit Added in Wordpress 2.1.1 by a cracker!!!

Hey Guys,

If you have download wordpress 2.1.1 in past 3-4 days then upgrade it to 2.1.2 immediately. I just came to know right now, so i have done that, you too do it. If you are using fantastico then you should have downloaded 2.1.1, as i did the same. Your files may include a security exploit added by the cracker. Check the below update:

http://wordpress.org/development/2007/03/upgrade-212/

If you are a web host or network administrator, block access to “theme.php” and “feed.php”, and any query string with “ix=” or “iz=” in it. If you’re a customer at a web host, you may want to send them a note to let them know about this release and the above information.

Let me know if you require any help in doing so. I upgraded it using Shell access, which is the easiest way i could see..

Thanks,

 

Thanks for the info! Will upgrade right away and will inform others.

 

It would be nice if they actually apologized, wouldn't it?

Pete

 

LOL...yes.

 

my pleasure, i am happy that i was successful passing the msg to DP friends

 

I wrote about it 2 days ago on a post.
I'll tell you something:
1. if people care to read what's written on Dashboard your post could have been useless.
2. if DP readers care to read "Security" you did a good job by posting this info.

The problem is that not everyone read this group.

 

I've added a post about it under "Blogging", this time with the right Title

Better to spam a bit just to be sure everyone knows about it.

 

Yep, already posted that long ago to alert people.
Here it is : Wordpress 2.1.1 compromised

 

Thanks for calling him a 'cracker'

 

Thanks ma0, for correcting my mistake.. i really appreciate that, i will be specific in choosing the category so that all are updated.

agnivo007, you posted on 3rd march and i think i did on the same day! I don't know what i did wrong by alerting all. If you already know abt it then it is good but i thought of sharing this with all as now a days a lot of people use wordpress.

 

he he nothing bad...

 

Only just found out the hard way :/