When is this vulnerablility going to be fixed (4 posts)

  1. theBleeber
    Posted 11 years ago #

    I really want to use wordPress but I dont want to take the rick of my server being comprimised. Please give us a timeline on when this will be resolved. See below for link.


    WordPress Cookie Data PHP Code Injection Vulnerability

  2. James Huff
    Support Team Rep.
    Posted 11 years ago #

    Would you please discuss these things with the developers, rather than posting them on a public forum, so that the good people here don't panic, and the bad people here don't run off to test this exploit on unsuspecting blogs? This is just simple plea to the many who have posted about this today. Please use some common sense!

    Now, please read through this post: http://wordpress.org/support/topic/41464#post-233351

    If your server has register_globals disabled (which it should as a default security precaution), then you are not vulnerable to this exploit.

  3. tomhanna
    Posted 11 years ago #

    When your host turns register_globals off like it should be.

  4. Pizdin Dim
    Posted 11 years ago #

    If your ISP is unable (or unwilling) to run apache with register globals switched off, simply add this to your .htaccess file in the root folder of your WordPress installation:

    php_flag register_globals off

Topic Closed

This topic has been closed to new replies.

About this Topic