Support » Everything else WordPress » SecuriTeam reports a flaw in

  • vsa


    As you can read [ MOD: LINK REMOVED ] Securiteam says that WordPress version and prior (with register_globals) are Vulnerable Systems.

    It says also that WordPress version or newer are Immune Systems.

    Can anyone shed some light over this subject?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Yngwin


    Can’t shed much light here, except that you should never use register_globals anyway (that’s a PHP configuration option). Also I haven’t seen any or did I miss something?

    Mark (podz)


    Support Maven

    This got old a few days ago. It’s been reported here several times – the full answers are elsewhere, but Yngwin has the short answer.




    It’s generally bad form to post exploit code. Had you searched the forums, you could have easily found this comment on this post:

    For various reasons, the core WordPress developers (that is, Ryan and Matt) do not discuss WordPress exploits until a patch is available, and a release plan is in place.

    The vitriol about unpatched vulnerabilities is mis-placed. Matt and Ryan have an obligation to make sure that the problems they fix do not cause more trouble. We experienced this with, which was released to fix a problem, and ended up introducing additional problems.

    And as I said, it involves more than just patching. The patches need to be sufficiently tested. The upgrade process needs to be supported by the volunteers here. Simply releasing a new version, and saying “here you go!” would do more harm than good.

    I’m not thrilled about the existence of security vulnerabilities; but it’s a fact of life that they’ll always be present. WordPress is an increasingly complex piece of software, and although Matt and Ryan make an effort to be security conscious in their coding, they are after all human beings. We all make mistakes; we all have bad days; we all overlook some things.

    You can help, rather than complain.

    Every single reader here is invited to participate in WordPress’ development. If you notice problems, please log them at If you discover a severe vulnerability, email The Open Source mantra is “With many eyes, all bugs are small.” By working together, we can squash bugs and make sure that WordPress is as secure as it can be.



    To Skippy:
    I should not have linked directly to the Securiteam site. You’re right.

    Had you searched the forums, you could have easily found this comment on this post
    Wrong. I did searched the forum. I did went to check some wp blogs. I did went to google it. The problem was that there was no mention to Securiteam in that post.

    You can help, rather than complain
    I, and many others WP users just wanted to know if the devs were aware of this flaw and if there was a version. This seems quite clear in my text.
    I was not complaining about anything.

    Moderator James Huff


    The Devs were aware of this problem. That’s why they released v1.5.2 yesterday. Upgrade ASAP!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘SecuriTeam reports a flaw in’ is closed to new replies.