
WordPress upgrade fixes 'dangerous' flaw

Developers of the open source blogging platform WordPress say users should upgrade to version 2.1.2 immediately to address a "dangerous" security hole that was recently attacked.


"If you downloaded WordPress 2.1.1 within the past three to four days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately," the developers said in a warning on the WordPress Web site.

The development team said it received a message about unusual and highly exploitable code in WordPress, and an investigation confirmed that an attacker had modified version 2.1.1 from its original code.

"It was determined that a cracker had gained user-level access to one of the servers that powers, and had used that access to modify the download file," the advisory said. "We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution."

Although not all downloads of 2.1.1 were affected, the developers said they are declaring the entire version dangerous and have released version 2.1.2, which includes minor updates and entirely verified files. The team is also instituting new preventative measures, "not the least of which is minutely external verification of the download package so we'll know immediately if something goes wrong for any reason," the advisory said. The team has also reset passwords for a number of users with SVN and other access.

The advisory urged users to help find and replace vulnerable versions of the program:

"If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files [and] check out your friends' blogs and if any of them are running 2.1.1 drop them a note and, if you can, pitch in and help them with the upgrade," the advisory said.
