Wordpress Vulnerabilities

Two new vulnerabilities were disclosed in Wordpress and an associated plugin. Time to upgrade before your sites become defaced.

There's a major problem in the xmlrpc.php script. So either upgrade Wordpress to v2.3.3 or download a new copy of xmlrpc.php to use until you can perform a complete upgrade.

Exploit code is on the loose for a problem in the WP-Forum plugin. That bug is nasty too and there's no fix out yet. But here's a quicky fix that might hold you until an official fix it out:

Open wp-forum.php and find the function forum_show_profile. then replace it with this code:

function forum_show_profile()\{
$pos = strpos($_GET\['user'\],'+');
if ($pos !== false) $user = substr($_GET\['user'\],0,$pos);
return forum_get_profile($user);
\}

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish