WordPress.org

Forums

Refresh me on 2.3 exploits? (5 posts)

  1. webmistressofthedark
    Member
    Posted 3 years ago #

    Someone has asked me to fix their blog which is sending out spam on their domain email.

    I notice they are still using 2.3.x something...

    In the past I fixed exploits on that version but now have forgotten where to look.. can anyone refresh me on that?

    Thanks.

  2. ClaytonJames
    Member
    Posted 3 years ago #

    Nice try, cunning social engineering type WordPress hacker person!!!

    Just kidding... sort of. :-) Some info to browse.

    WordPress version Changelogs

    vulnerabilities wordpress 2.3

    CVEs

    //www.cvedetails.com/product/4096/Wordpress-Wordpress.html?vendor_id=2337

  3. webmistressofthedark
    Member
    Posted 3 years ago #

    Huh? I am not a social engineer...

    I'm trying to help a friend and if you thought it was dangerous to post this (who is using 2.3.1 anymore? And did I even mention WHERE? No I"m not that stupid) you could have emailed me a PM... <sigh>

    I looked in all the files (I have fixed tons of 2.3 hacks before) but could NOT find a thing.

    I told him just to upgrade ASAP.

  4. ClaytonJames
    Member
    Posted 3 years ago #

    Are you kidding me?

    You obviously missed ALL of the intended humor in my response. Perhaps if you re-read it and then ask yourself if you think I was actually being serious, you will see what I mean - not to mention that I actually pointed you to information on almost every published WordPress exploit on the net. I think you might be taking things just a little too seriously here. :-)

    I looked in all the files (I have fixed tons of 2.3 hacks before) but could NOT find a thing.

    I told him just to upgrade ASAP.

    Then you should already know that simply upgrading at this point is probably not going to fix anything. Here's some information that might help point them in the right direction. There's a load of helpful links and information on the subject that can be brought up using a simple search here in the forums.

    http://codex.wordpress.org/FAQ_My_site_was_hacked
    http://wordpress.org/support/topic/268083#post-1065779
    http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
    http://ottopress.com/2009/hacked-wordpress-backdoors/
    http://codex.wordpress.org/Hardening_WordPress

    http://sitecheck.sucuri.net/scanner/

    I hope that helps put you on the right track. Good luck to you!

  5. webmistressofthedark
    Member
    Posted 3 years ago #

    OK apparently this has something to do with the whole DB and since he hasn't given me the keys to that, I guess I have to tell him I looked in every file for malicious code and didn't find any.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags