WordPress admin accounts at risk, no fix available

12 August 2009
A vulnerability has been reported in the current 2.8.3 release of the popular WordPress blogging software.

According to Laurent Gaffié, WordPress installations running version 2.8.3 and older can be tricked, remotely, into changing the admin password to an arbitrary string chosen by the attacker, effectively giving the attacker total control over the affected installation. No fix is available now (in fact, the vulnerability is so fresh that only milw0rm, at http://www.milw0rm.com/exploits/9410, has the details as yet).

Update: An update has been released and is available here: http://wordpress.org/download/




Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. When BitDefender isn't paying him to bring complex subjects to wide audiences, he enjoys writing fiction, skiing and biking.
