FeedBurner
Wordpress 2.1.1 Contains Security Exploit
If you’ve downloaded and installed Wordpress 2.1.1 in the past few days you may have a nasty explotable bug in the files that was installed by someone that cracked in to the Wordpress server files. You need to download and re-upgrade to 2.1.2 immediately to insure the safety of your website or blog.
Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. More on this story from Wordpress.org
The good people over at Wordpress.org have had to take stronger security measures to make certain that this never happens again. There’s always someone willing to try to steal, damage, deface or screw things up for everyone else isn’t there? I hope they figure out who it was and hopefully have the scum ball prosecuted.
