WordPress Vulnerabilities

Two new vulnerabilities were disclosed in WordPress and an associated plugin. Time to upgrade before your sites become defaced.

ITPro Today

February 4, 2008


There's a major problem in the xmlrpc.php script, so either upgrade WordPress to v2.3.3 or download a new copy of xmlrpc.php to use until you can perform a complete upgrade.

Exploit code is on the loose for a problem in the WP-Forum plugin. That bug is nasty too, and there's no fix out yet. But here's a quick fix that might hold you until an official fix is out:

Open wp-forum.php and find the function forum_show_profile, then replace it with this code:

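function forum_show_profile(){
    // Start from the raw value so $user is defined even when no '+' is present
    $user = isset($_GET['user']) ? $_GET['user'] : '';
    // Cut the value at the first '+' so nothing appended after it is passed on
    $pos = strpos($user, '+');
    if ($pos !== false) $user = substr($user, 0, $pos);
    return forum_get_profile($user);
}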
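
To find which sites still need the upgrade and the hand patch, this added example (not from the original article or from WordPress) walks a web root, reads $wp_version from each wp-includes/version.php, flags installs older than 2.3.3, and lists any wp-forum.php files. The web root, the sample tree and its plugin path are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (2, 3, 3)  # WordPress release the article says to upgrade to
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

def parse_version(text):
    """Return the numeric part of $wp_version as a tuple (e.g. (2, 3, 2)), or None."""
    m = VERSION_RE.search(text)
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1)) if m else None
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad "2.3" to (2, 3, 0)

def audit(web_root):
    """Report every WordPress install under web_root (web_root is an assumed path)."""
    report = []
    for vfile in sorted(Path(web_root).rglob("version.php")):
        if vfile.parent.name != "wp-includes":
            continue
        install = vfile.parent.parent
        version = parse_version(vfile.read_text(errors="replace"))
        report.append({
            "install": install.name,
            "version": version,
            # An unreadable version is flagged too, so it gets a manual look.
            "needs_upgrade": version is None or version < FIXED,
            # Any copy of the plugin file the article says to patch by hand.
            "wp_forum": sorted(p.relative_to(install).as_posix()
                               for p in install.rglob("wp-forum.php")),
        })
    return report

def build_sample(root):
    """Constructed sample tree: one outdated install with WP-Forum, one current."""
    layout = {
        "old/wp-includes/version.php": "<?php\n$wp_version = '2.3.2';\n",
        "old/wp-content/plugins/wp-forum/wp-forum.php": "<?php // placeholder\n",
        "new/wp-includes/version.php": "<?php\n$wp_version = '2.3.3';\n",
    }
    for rel, body in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for row in audit(tmp):
            print(row)
```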
