WordPress.org

Anyone Read BugTraq? (14 posts)

  1. Anonymous
    Unregistered
    Posted 9 years ago #

    Just curious if anyone noticed the post to BugTraq about WordPress 1.2 vulnerabilities? Now that the entire hacker world is aware, it's only a matter of time (minutes probably) before exploits are coded and our blogs are hacked.

  2. Anonymous
    Unregistered
    Posted 9 years ago #

  3. Mark (podz)
    Support Maven
    Posted 9 years ago #

    A quick Google shows that LiveJournal and Blogger are also vulnerable.
    I'm not dissing your point, merely placing it in some sort of context.

  4. Ryan Boren
    WordPress Dev
    Posted 9 years ago #

    Yes, we know about it. We're working on getting a 1.2.1 ready.

  5. Muffinboy
    Member
    Posted 9 years ago #

    Obviously fixing 1.2 is priority number 1 now, but is the same vulnerable code present in the 1.3 alpha releases? And if so, will it be fixed in one of the upcoming nightlies?

  6. Ryan Boren
    WordPress Dev
    Posted 9 years ago #

    It'll be fixed in 1.2 and 1.3.

  7. Anonymous
    Unregistered
    Posted 9 years ago #

    That's a relief. I just saw this linked on Blogging Pro and it kind of freaked me, because the only fix their link gives is switching tools or editing the code, and I don't know enough about PHP to fix it myself.
    Is there an ETA on the patched version?

  8. Ryan Boren
    WordPress Dev
    Posted 9 years ago #

    ASAP

  9. Anonymous
    Unregistered
    Posted 9 years ago #

    @podz: This is also different to the Blogger and LiveJournal holes because those are sites based on a single host, but many different hosts are running WordPress. If my LiveJournal gets hijacked I can blame LiveJournal, but if my WordPress blog is targeted my host will likely blame me and shut me down. So yes, this is an issue and I'm glad the devs are taking it seriously.

  10. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Fair enough, and I agree :)

  11. linasg
    Member
    Posted 9 years ago #

    Any news about WP 1.2.1?

  12. Mark (podz)
    Support Maven
    Posted 9 years ago #

    Not yet.

  13. offline
    Member
    Posted 9 years ago #

    I understand that this issue isn't viewed as massive, but all the same it IS a vulnerability. What are the chances that we'll see something from the developers in the way of a progress report or a patch for those of us not using the CVS version? Perhaps on the dev blog?

  14. Ryan Boren
    WordPress Dev
    Posted 9 years ago #

    See here and here.

This topic has been closed to new replies.
