WordPress security patch #7864
Security loophole in WordPress 2.3
It did not take long for the first hole to appear in the much-heralded (secure) [sic] WP 2.3 release.
If you cannot be bothered to futz with reading the forum link, here is the heads-up: this new hole feature in WP allows guys to add links to your blogroll. How cool is that?
Penis enlargement? Viagra? Gambling? Porno? All these exciting links and more can be yours with no effort and no charge on your very own blogroll.
Fortunately the pointy heads at Autocrattic have already patched it. We have upgraded all our clients accordingly.
It is time that SuperMatt™ got someone in who knows about this stuff. No really.
new? from the looks of the trac ticket, it’s been there a long time, some hackers finally found it.
as with all (nearly) wordpress issues, it requires open registration to work. and like all security, just because wordpress has lots of fixes doesn’t mean that they have more holes. it just means that serendipity/habari/EE don’t have enough users for the hackers to bother trying to exploit them.
Comment by adam Oct 17, 06:53 PM #
I passed the news on yesterday, mostly because I read your post right after BlogSecurity announced that no vulnerabilities had been found in 2.3. :D
Comment by AndreaR Oct 18, 01:19 PM #
I didn’t come across this one until today on Adam’s site (referencing yourself), but I am glad that I don’t allow registrations on any of my sites. Crazy stuff….good for pointing it out because the post on Ryan’s site doesn’t make it seem so important…..
Comment by Trent Oct 21, 03:45 AM #
Thank goodness my web developer was on top of the situation and took good care of upgrading for all of his clients. Much appreciated. :)
Comment by brightfeather Oct 21, 08:55 PM #