WordPress.org

Support

Support » Requests and Feedback » Published Exploit but Not Patched..

Published Exploit but Not Patched..

Viewing 12 replies - 1 through 12 (of 12 total)
  • I have several databases for few different WordPress websites destroyed.. since yesterday. Completely unrecoverable.. Still checking for existing backups..

    esmi

    @esmi

    Forum Moderator

    There is nothing in there that hasn’t been dealt with already.

    esmi, you’re sure? i have one with version 3.3.1 whose database damaged..

    esmi

    @esmi

    Forum Moderator

    Yes. That’s an old report.

    The “flaw” mentioned only applies to new setups where the files are uploaded but the installation steps haven’t been completed. The concern is that someone could then hijack the install and point it to their own database.

    It has nothing to do with your existing sites.

    That’s not fully true. I have a website running 3.3.1 where the mysql database wrecked-havoc & completely damaged.. No physical files were changed..

    I found the error log was very big (about 46 mb). I have a strong but only 8 characters length mysql password. What attack could cause this damage?

    esmi

    @esmi

    Forum Moderator

    Hard to say in hindsight but a mysql server issue could have mangled your database.

    Actually I had many WP websites (various versions) with damaged database.

    I learned on other websites with longer mysql password (16 chars, even 32 – yes I have a phobia), the damage was not materialized.

    esmi

    @esmi

    Forum Moderator

    Damage that is purely limited to the database on multiple sites with the same hosts is far more likely to have come about from a mysql server issue than a hack via WordPress.

    esmi

    @esmi

    Forum Moderator

    Oh – that’s an excellent article!

    @digitallica

    The link you posted is about the possibility of a site being hijacked by someone who completes the install process for you. Unless you have sites which were mysteriously setup for you and you don’t know where that database is, this issue does not apply.

    It is more likely that the problem lies elsewhere. Perhaps you can check with your hosts about this.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Published Exploit but Not Patched..’ is closed to new replies.
Skip to toolbar