
security vulnerability in WordPress


Posted on Wednesday, June 1st, 2005 at 4:18 pm

From WordPress DevBlog

It has come to our attention that under certain circumstances there is a security vulnerability in WordPress that may be triggered if you’re running the default template. We were able to respond very quickly (under 40 minutes) and update the download to 1.5.1.2. You can upgrade by overwriting your old 1.5 files or if you would like to apply the fix manually it is relatively simple:

1. Open the wp-includes/template-functions-category.php file in a text editor like Wordpad.
2. Go to around line 103 where it says get_the_category_by_ID.
3. Create a new line after that and paste in $cat_ID = (int) $cat_ID;

One note: even if the vulnerability was present in your blog, you would still be safe if your host ran mod_security on their servers. It is an Apache module which can provide very high-level protection against everything from the vulnerability above to comment spam. We will be updating the hosting page shortly to reflect which hosts there support mod_security or not.
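
One way to confirm the manual fix on a copy of the file, as an added example (not code from WordPress or from the original post): a heuristic check that the cast line sits inside get_the_category_by_ID before anything else reads $cat_ID. The PHP samples are constructed, and lookup() is a hypothetical stand-in for the real function body.

```python
import re

# Heuristic text check, not a PHP parser: braces or comment markers inside
# string literals can confuse it, so review anything it flags by hand.
DECL = re.compile(r"function\s+&?\s*get_the_category_by_ID\s*\(", re.I)
CAST = re.compile(r"\$cat_ID\s*=\s*\(\s*(?i:int(?:eger)?)\s*\)\s*\$cat_ID\s*;")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

def function_body(php_source):
    """Return the text inside the braces of get_the_category_by_ID, or None."""
    src = COMMENT.sub("", php_source)  # a commented-out cast must not count
    decl = DECL.search(src)
    start = src.find("{", decl.end()) if decl else -1
    if start < 0:
        return None
    depth = 0
    for i in range(start, len(src)):
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        if depth == 0:
            return src[start + 1:i]
    return None  # unbalanced braces

def fix_status(php_source):
    """Return patched, unpatched, cast-too-late or function-not-found."""
    body = function_body(php_source)
    if body is None:
        return "function-not-found"
    cast = CAST.search(body)
    if cast is None:
        return "unpatched"
    # The cast only helps if nothing reads $cat_ID before it runs.
    if "$cat_ID" in body[:cast.start()]:
        return "cast-too-late"
    return "patched"

# Constructed samples; lookup() is a hypothetical stand-in for the real body.
HEAD = "<?php\nfunction get_the_category_by_ID($cat_ID) {\n"
SAMPLES = {
    "fixed": HEAD + "    $cat_ID = (int) $cat_ID;\n    return lookup($cat_ID);\n}\n",
    "original": HEAD + "    return lookup($cat_ID);\n}\n",
    "commented": HEAD + "    // $cat_ID = (int) $cat_ID;\n    return lookup($cat_ID);\n}\n",
    "late": HEAD + "    $row = lookup($cat_ID);\n    $cat_ID = (int) $cat_ID;\n    return $row;\n}\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, "->", fix_status(text))
```

To use it on a real install, pass the contents of wp-includes/template-functions-category.php to fix_status().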

This entry was posted on Wednesday, June 1st, 2005 at 4:18 pm and is filed under Tech.

 

Trackbacks


  • JalanSutera.com

    June 3, 2005 at 12:17 pm

    Update WP: A small fix to this weblog's engine. 1. Open the file wp-includes/template-functions-category.php using Notepad 2. ...
