WordPress Update Fixes Malicious Author Vulnerability

Publicado: 2 diciembre, 2010 en Noticias

An update to the popular WordPress blogging platform fixes a known security hole that could have enabled a malicious contributor to gain wider control over the blog to which he or she contributed.

WordPress 3.0.2 was posted on Tuesday. The privilege escalation hole was described as of “moderate” severity. IN addition to that fix, the latest update includes a fix for a trackback white listing feature that allowed comment spammers to bypass features that limited trackbacks or pingbacks from previously unknown individuals, as well as a cross site scripting issue described as “minor.”

WordPress, one of the most popular blogging platforms, has been the target of large scale hacks before. In April, malicious hackers took advantage of incorrectly configured WordPress installations on servers belonging to Network Solutions to redirect thousands of Web domains running WordPress to a Web domain that served up malicious content. In November, 2009, WordPress installations were the target of a Web based attack that tried to crack administrative passwords to WordPress blogs.

WordPress 3.0.2 is described as a madatory security update for sites running previous editions of the software. It can be downloaded and installed directly from hosting providers or from the WordPress Web site.


About these ads

Deja un comentario

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s