• The upgrade instructions make it sound like I can keep my existing theme after an upgrade. Is there any security risk in doing that? I’m using a very old version of the Kubrick theme, somewhat modified. Have there been security fixes in Kubrick that wouldn’t have made it into my version?

    I’m asking because my site, running 2.5.1, got hacked last week. Similar symptoms to http://wordpress.org/support/topic/168964?replies=45: I have a hidden admin user with javascript for a first name and some weird encrypted plugins enabled in active_plugins. Obviously I’ll be upgrading to 2.6 but I want to know if I can keep using a (clean) copy of my theme or whether I need to upgrade it too.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Unless you make your theme’s template files world writable (chmod 666 for online editing, which is a very bad idea!) – your WP is not hacked via the theme.

    Thread Starter zovirl

    (@zovirl)

    Nope, they are locked down. I just wanted to make sure that the diffs I see between the version of Kubrick included w/ WP 2.0 and the version from WP2.5 were not related to security.

    Actually, old themes that still use php_self in the search form are vulnerable. I do believe a very old version of Kubrick used that.

    Thread Starter zovirl

    (@zovirl)

    Thanks for the heads-up. I double-checked and I’m not using php_self.
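The check discussed in the last two replies, as an added example that is not part of the original thread: a Python scan of a theme's template files for `PHP_SELF`, which echoes the request path back into the page and so needs escaping before it is printed into a form's `action` attribute. The function names, the list of escaping helpers treated as safe, and the sample template lines are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# $_SERVER['PHP_SELF'], the legacy $HTTP_SERVER_VARS form, and bare $PHP_SELF.
PHP_SELF = re.compile(
    r"""\$(?:_SERVER|HTTP_SERVER_VARS)\s*\[\s*['"]PHP_SELF['"]\s*\]"""
    r"""|\$PHP_SELF\b""")

# Heuristic (assumption): the reference counts as escaped only when one of
# these helpers opens immediately before it on the same line.
ESCAPED = re.compile(
    r"\b(?:htmlspecialchars|htmlentities|esc_url|esc_attr"
    r"|attribute_escape|clean_url)\s*\(\s*$")

def find_php_self(source, name="<string>"):
    """Return (name, line_no, escaped, text) for each PHP_SELF reference."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), 1):
        for match in PHP_SELF.finditer(line):
            escaped = bool(ESCAPED.search(line[:match.start()]))
            hits.append((name, line_no, escaped, line.strip()))
    return hits

def scan_theme(theme_dir):
    """Scan every .php file under theme_dir; unreadable bytes are replaced."""
    hits = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        hits += find_php_self(path.read_text(errors="replace"), str(path))
    return hits

# Constructed sample: an unescaped use, an escaped use, and a form that
# does not reference PHP_SELF at all.
SAMPLE = '''<form method="get" id="searchform" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="text" name="s" id="s" />
</form>
<form method="get" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<form method="get" id="searchform" action="<?php bloginfo('home'); ?>/">
'''

if __name__ == "__main__":
    # Usage: python scan_php_self.py path/to/theme (no argument scans SAMPLE)
    found = scan_theme(sys.argv[1]) if len(sys.argv) > 1 else find_php_self(SAMPLE)
    for name, line_no, escaped, text in found:
        status = "escaped" if escaped else "UNESCAPED"
        print(f"{name}:{line_no}: {status}: {text}")
```

A line reported as escaped still deserves a manual look, since the heuristic only sees a helper call on the same line.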

  • The topic ‘Can an old version of Kubrick theme be a security risk?’ is closed to new replies.