Join dotcomUNDERGROUND on Facebook Follow dotcomUNDERGROUND on Twitter Get updates by email dotcomUNDERGROUND RSS Feed
Wednesday, June 1st, 2005
Share on Facebook

From Werdpress DevBlog

It has come to our attention that under certain circumstances there is a security vulnerability in WordPress that may be triggered if you’re running the default template. We were able to respond very quickly (under 40 minutes) and update the download to 1.5.1.2. You can upgrade by overwriting your old 1.5 files or if you would like to apply the fix manually it is relatively simple:

Open the wp-includes/template-functions-category.php file in a text editor like Wordpad.
Go to around line 103 where it says get_the_category_by_ID.
Create a new line after that and paste in $cat_ID = (int) $cat_ID;
One note, even if the vulnerability was present in your blog, you would still be safe if your host ran mod_security on their servers. It is an Apache module which can provide very high-level protection against everything like the vulnerability above to comment spam. We will be updating the hosting page shortly to reflect which hosts there support mod_security or not.


Join dotcomUNDERGROUND on Facebook Follow dotcomUNDERGROUND on Twitter Get updates by email dotcomUNDERGROUND RSS Feed
Get updates delivered to your email:  Enter email address:  

Tags:
Categories: Tech

Get Update Notifications

 Subscribe in a reader Or, subscribe via email:
Enter your email address:  
dotcomUNDERGROUND RSS Feed
Find entries :

Browse by Tags »