[wp-hackers] Exploit again!
Michael D Adams
mikea at turbonet.com
Wed Aug 17 23:35:20 GMT 2005
On Aug 17, 2005, at 4:14 PM, Matt Mullenweg wrote:
> We can post an update to the blog if you think it'd help, I'm open
> to suggestions.
Not a bad idea. Perhaps something like:
There was a mistake in a file when we very first made 1.5.2
available. The issue was corrected within four hours of the initial
posting here, so you probably aren't effected at all. If you were
one of the early worms (thanks for being on top of things!) you can
download [this one file] and use it instead of the one on your site.
Noter: this ONLY effects those who downloaded 1.5.2 within a few
hours of its release and are on a host which has register_globals on
without mod_security in place! You do *not* need to worry otherwise.
Happy blogging,
etc. etc.
Would be appropriate.
I just don't want people to be able to say WP wasn't on top of things
re: security.
Michael,
--mdawaffe
More information about the wp-hackers
mailing list