A Possible WordPress bug/flaw (2 posts)

  1. Katrina
    Posted 10 years ago #

    I go to a site, Jemjabella.co.uk, and I read in her recent post that WordPress may have a vulnerability. Can anyone tell me if this is true? Before you start judging, would you want to first read the article? It's below:

    ... I've been to several weblogs today based on WordPress which have been exploited because of dodgy set permissions. Unfortunately at the time I've had several websites open generally and can't pinpoint who is infected.. anyway, people who've been "attacked" are those with certain files with permissions set to 666. A piece of JavaScript is inserted which when loaded, tries to save the file "upload.wmv" / "update.wmv" / "update2.wmv" to your computer. This is a trojan, and must be told in no uncertain terms to piss right off. Anyway, if you're using WordPress or ANY script that involves permissions set to 666, you need to get them changed to 644 now. Erm, I think it's 644 anyway...

  2. whooami
    Posted 10 years ago #

    yeap, its (malicious js) has been mentioned here a few times (ive responded by mentioning permissions).

Topic Closed

This topic has been closed to new replies.

About this Topic