[wp-hackers] Reporting WordPress exploits?

Lynne Pope lynne.pope at gmail.com
Thu Feb 5 17:01:06 GMT 2009


2009/2/6 Mindshare Studios <info at mindsharestudios.com>

> Hi,
>
> I was just wondering if there was a recommended procedure for reporting
> WordPress security vulnerabilities. I have a site running 2.7 that has had
> some hidden spam links injected into it, but this may have occurred before I
> upgraded to the latest version. I'm going to completely wipe the server and
> do a fresh install to be sure to get rid of the problems but I thought I'd
> ask the list to see if anyone is interested in looking at the malicious code
> (I've isolated at least three files containing bad code) or if this is worth
> reporting.


If you are certain it's a WordPress security issue, just send an email to
security at wordpress.org

You should first check your server logs to identify where the crackers or
bot got in and identify where the injection occurred. Even though you have
had WP files hacked, the vulnerability may lie elsewhere on the server.

If it is a WordPress vulnerability, the team will need to know as much
information as possible about your server environment, which plugins you are
using, and which theme. This will help them to isolate any issues.

Lynne
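
Added example, not part of the original message: one way to do the log check described above is to take the modification time of each injected file and list the successful write-style requests that reached the server just before it. The log lines, the plugin path and the timestamp below are constructed, and the Apache/nginx "combined" log format is an assumption; in real use the time would come from `os.stat()` on the isolated files, and since an intruder can reset modification times, an empty result does not clear the web application.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed format: Apache/nginx "combined" access log.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def requests_near(log_lines, modified_at, window=timedelta(minutes=5)):
    """Successful POST/PUT requests in the window before a file changed."""
    hits = []
    for line in log_lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than abort the review
        delta = modified_at - rec["ts"]
        if (timedelta(0) <= delta <= window
                and rec["method"] in ("POST", "PUT")
                and rec["status"] < 400):
            hits.append(rec)
    return hits

# Constructed sample data (documentation IP ranges, hypothetical plugin path).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Feb/2009:10:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [03/Feb/2009:10:15:40 +0000] "POST /wp-content/plugins/example-plugin/save.php HTTP/1.0" 200 312 "-" "-"',
    '198.51.100.7 - - [03/Feb/2009:10:15:41 +0000] "POST /wp-login.php HTTP/1.0" 403 210 "-" "-"',
    '192.0.2.10 - - [03/Feb/2009:11:30:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]
# Constructed mtime of one injected file.
SAMPLE_MTIME = datetime(2009, 2, 3, 10, 16, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    for hit in requests_near(SAMPLE_LOG, SAMPLE_MTIME):
        print(hit["ts"].isoformat(), hit["ip"], hit["method"], hit["path"])
```

The matching requests, together with the server environment, plugin and theme details, are the kind of information a report to the security address would need.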

