WordPress.org

Ready to get started?Download WordPress

Forums

When is this vulnerablility going to be fixed (4 posts)

  1. theBleeber
    Member
    Posted 8 years ago #

    I really want to use wordPress but I dont want to take the rick of my server being comprimised. Please give us a timeline on when this will be resolved. See below for link.

    theBleeber

    WordPress Cookie Data PHP Code Injection Vulnerability
    2005-08-10
    http://www.securityfocus.com/bid/14533

  2. Would you please discuss these things with the developers, rather than posting them on a public forum, so that the good people here don't panic, and the bad people here don't run off to test this exploit on unsuspecting blogs? This is just simple plea to the many who have posted about this today. Please use some common sense!

    Now, please read through this post: http://wordpress.org/support/topic/41464#post-233351

    If your server has register_globals disabled (which it should as a default security precaution), then you are not vulnerable to this exploit.

  3. tomhanna
    Member
    Posted 8 years ago #

    When your host turns register_globals off like it should be.

  4. pizdin_dim
    Member
    Posted 8 years ago #

    If your ISP is unable (or unwilling) to run apache with register globals switched off, simply add this to your .htaccess file in the root folder of your WordPress installation:

    php_flag register_globals off

Topic Closed

This topic has been closed to new replies.

About this Topic