Now that my overly sensationalized title has grabbed your headline, here’s the point:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
For the longer story (I don’t know why you would) click here.
Originally posted on March 2, 2007 @ 5:31 pm
This is what I get for being lazy. This vulnerability was actually discovered and written up on Feb 27, 2007. However, if your host is a little on edge and utlizing mod_securit you’re absolutely fine. Mod_security, if using some moderate security signatures should detect the %3E and script string within the URI during the attack vector and deliver an error 500.
I was going to write about this two days ago but got tied up with work. But once again, there were five new attack vectors released and all 5 should be harmless if mod_security is included within apache on your host.
Just FYI
Wanted to compliment on your site, it looks really good .
Hank