Following less than two weeks after the release WordPress 2.8.1, which fixed a potentially serious security vulnerability, a new version has been released to patch another potentially serious security vulnerability. In versions before 2.8.2, comment author URLs were not fully sanitized which could lead to a cross-site scripting (XSS) attack. When viewing a page in the administrative interface that contains a specifically crafted comment author URL the user would be automatically redirected to another web page. That other web page could try to infect the user’s machine with malware or try to perform some other harmful activity.
Outdated Software Alerts
Search This Blog
-
Recent Posts
- Websense’s Claim of Vulnerability in WordPress 3.2.1 Completely Baseless
- Looking at the Claimed WordPress setup-config.php Security Issues
- Claims of Vulnerability in WordPress 3.2.1 Supported by False Information
- DreamHost Does Store Non-Hashed Passwords
- Outdated Software Running on Websites of WordPress and Other Web Software
RSS/Atom Feed
Web Software Updates
WordPress Version
We are running WordPress 3.3.1 and despite what many supposed "security experts" claim letting you know what version we are running does not make us less secure.Did We Make a Mistake?
While it seems to be acceptable for blogs discussing web security to contain numerous factual mistakes, we hold ourselves to a higher standard. We only write about things that we actually understand and only after we have double checked the information. So if you see a mistake in one of our posts please leave a comment on the post or contact us so that we can add a correction.
