WordPress Upgrade to 2.1.2

As reported on Slashdot and on the WordPress.org blog, the 2.1.1 release of the WordPress blogging system was hacked sometime towards the end of February/beginning of March.

The hacker gained user-level access to one of the servers that powers wordpress.org and modified two files to include code that would allow remote PHP execution. Details are sketchy, but the WordPress blog points to problems in the wp-includes folder, especially the theme.php and feed.php files, and to any query string with “ix=” or “iz=” in it.
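One way to check a web server access log for the query-string indicators mentioned above. This is an added example, not code from WordPress or from the original post. It assumes Apache/nginx combined log format and treats "ix"/"iz" as query parameter names; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP and request target from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

SUSPECT_PARAMS = {"ix", "iz"}  # query parameters named in the post
SUSPECT_FILES = ("wp-includes/theme.php", "wp-includes/feed.php")

# Constructed sample lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Mar/2007:10:15:01 +0000] "GET /index.php?p=12 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Mar/2007:10:16:44 +0000] "GET /wp-includes/feed.php?ix=PLACEHOLDER HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.5 - - [02/Mar/2007:10:17:09 +0000] "GET /?iz=PLACEHOLDER&cat=3 HTTP/1.0" 200 4410 "-" "-"',
    # "ix=" appears only inside a value here, so a plain grep would flag it.
    '192.0.2.10 - - [02/Mar/2007:10:18:30 +0000] "GET /?s=matrix=1 HTTP/1.1" 200 2000 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return None for an unremarkable line, else (ip, target, reason)."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # parse_qs percent-decodes names; keep_blank_values catches a bare "ix=".
    names = set(parse_qs(parts.query, keep_blank_values=True))
    hits = sorted(names & SUSPECT_PARAMS)
    if not hits:
        return None
    where = "named file" if parts.path.endswith(SUSPECT_FILES) else "other path"
    return (m.group("ip"), m.group("target"),
            "param %s on %s" % (",".join(hits), where))

def scan(lines):
    """Return the flagged entries, in log order."""
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    for ip, target, reason in scan(SAMPLE_LOG):
        print(ip, target, reason)
```

A match only shows that such a request was received; whether the installed files are the modified 2.1.1 copies still has to be checked against a clean 2.1.2 download.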

WordPress recommend upgrading to 2.1.2 immediately. The latest .zip and tarballs can be found here.

This issue comes at the same time as the PHP Security blog attempts to raise awareness of general PHP vulnerabilities. Not a great time for the PHP folks.

