[wp-hackers] Exploit again!

Michael D Adams mikea at turbonet.com
Wed Aug 17 23:35:20 GMT 2005

On Aug 17, 2005, at 4:14 PM, Matt Mullenweg wrote:
> We can post an update to the blog if you think it'd help, I'm open  
> to suggestions.

Not  a bad idea.  Perhaps something like:

There was a mistake in a file when we very first made 1.5.2  
available.  The issue was corrected within four hours of the initial  
posting here, so you probably aren't effected at all.  If you were  
one of the early worms (thanks for being on top of things!) you can  
download [this one file] and use it instead of the one on your site.

Noter: this ONLY effects those who downloaded 1.5.2 within a few  
hours of its release and are on a host which has register_globals on  
without mod_security in place!  You do *not* need to worry otherwise.

Happy blogging,
etc. etc.

Would be appropriate.

I just don't want people to be able to say WP wasn't on top of things  
re: security.

More information about the wp-hackers mailing list