WordPress 2.8.1, which fixes a number of problems with 2.8 and addresses a potentially serious security vulnerability, was released yesterday. The problems that were fixed were causing serious trouble for some users. A workaround was created for some templates that were not working due to how they called get_categories(). Dashboard memory usage was reduced to alleviate an issue where some people were receiving an incomplete page when they attempted to view the dashboard. And an issue that caused the rich text editor not to load was worked around.

The security vulnerability allows any user of the blog, including subscribers, to view and in some cases modify plugin files if the plugins did not explicitly check permissions. In CoreLabs' advisory about the vulnerability, they mention one plugin whose features could be disabled and another that could be modified to run arbitrary code when the blog administrator visits the plugins page. Extra security has been put in place to better protect plugins from this.
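What an explicit permission check looks like inside a plugin's own admin page, as an added example that is not code from WordPress, the advisory, or any plugin it names. The plugin name, function names and the option key `example_notes_text` are hypothetical; the WordPress functions called are real core APIs.

```php
<?php
/*
Plugin Name: Example Notes (hypothetical plugin, for illustration only)
*/

// Register the settings page. The third argument limits the menu entry
// to users holding the 'manage_options' capability (administrators).
add_action('admin_menu', 'example_notes_menu');
function example_notes_menu() {
    add_options_page('Example Notes', 'Example Notes', 'manage_options',
                     'example-notes', 'example_notes_page');
}

// Page callback. The capability is checked again here, explicitly, so the
// page does not depend on the menu registration alone to keep
// subscribers and other low-privilege users out.
function example_notes_page() {
    if (!current_user_can('manage_options')) {
        wp_die('You do not have permission to access this page.');
    }

    if (isset($_POST['example_notes_text'])) {
        // Reject submissions that did not come from this form (CSRF check).
        check_admin_referer('example_notes_save');
        // Strip all HTML before storing the value.
        $clean = wp_kses(stripslashes($_POST['example_notes_text']), array());
        update_option('example_notes_text', $clean);
    }

    $text = get_option('example_notes_text', '');
    ?>
    <div class="wrap">
      <h2>Example Notes</h2>
      <form method="post">
        <?php wp_nonce_field('example_notes_save'); ?>
        <textarea name="example_notes_text" rows="5" cols="60"><?php
            echo esc_html($text); ?></textarea>
        <p><input type="submit" class="button-primary" value="Save" /></p>
      </form>
    </div>
    <?php
}
```

When reviewing installed plugins, the thing to look for is any admin page callback or form handler that reads request data or writes options without a `current_user_can()` call before it.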