Vulnerabilities in WordPress - Update
Security services provider Core Security has warned of a vulnerability in the processing of certain URLs in the popular WordPress blogging software, leading to various security problems. For example, unprivileged but registered users are reportedly able to examine the configuration pages of plug-ins and to change their options.
The "admin.php" dashboard component, which doesn't test access rights correctly, is to blame. Core Labs has listed some sample URLs in its report to show how the plug-ins – including the WP module for the PHPIDS (PHP-Intrusion Detection System) – can be manipulated.
According to the report, all versions up to WordPress 2.8 and up to WordPress MU (multi-user) 2.7.1 are affected. The vulnerabilities have reportedly been eliminated from the final versions 2.8.1 and MU 2.8.1, both of which should be available to download soon. Currently, version 2.8.1 is only available as a release candidate.
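As an added illustration (not code from this article, from WordPress or from Core Security), the plugin sketch below shows the defensive pattern the advisory implies: a plugin's admin page should enforce its own capability check and nonce rather than trusting the menu registration or admin.php to have done so. The plugin name, option name, menu slug and the choice of the `manage_options` capability are assumptions for the example, and it targets a current WordPress release rather than the 2.8 line discussed above.

```php
<?php
/*
Plugin Name: Example Hardened Settings Page
Description: Added example (not WordPress core or Core Security code) showing a self-checking plugin page.
*/

// Assumed names for this example: option key, capability and menu slug.
define( 'EXAMPLE_OPTION', 'example_plugin_message' );
define( 'EXAMPLE_CAP', 'manage_options' );
define( 'EXAMPLE_SLUG', 'example-settings' );

add_action( 'admin_menu', 'example_register_page' );

function example_register_page() {
    // The capability passed here only decides whether the menu entry is shown.
    // A page reached via admin.php?page=example-settings must re-check it
    // itself, which is exactly what an unchecked page callback fails to do.
    add_menu_page( 'Example Settings', 'Example', EXAMPLE_CAP, EXAMPLE_SLUG, 'example_render_page' );
}

// Weak pattern: relies entirely on the caller having enforced access rights.
function example_render_page_unchecked() {
    if ( isset( $_POST['example_message'] ) ) {
        update_option( EXAMPLE_OPTION, $_POST['example_message'] ); // no capability check, no nonce
    }
    echo esc_html( get_option( EXAMPLE_OPTION, '' ) );
}

// Hardened pattern: the page enforces the capability and a nonce on its own.
function example_render_page() {
    if ( ! current_user_can( EXAMPLE_CAP ) ) {
        wp_die( 'You do not have sufficient permissions to access this page.', '', array( 'response' => 403 ) );
    }

    if ( isset( $_POST['example_message'] ) ) {
        // The change must originate from this form, not from a crafted URL or cross-site request.
        check_admin_referer( 'example_save_settings' );
        $clean = sanitize_text_field( wp_unslash( $_POST['example_message'] ) );
        update_option( EXAMPLE_OPTION, $clean );
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $value = get_option( EXAMPLE_OPTION, '' );
    ?>
    <div class="wrap">
        <h2>Example Settings</h2>
        <form method="post">
            <?php wp_nonce_field( 'example_save_settings' ); ?>
            <label for="example_message">Message</label>
            <input type="text" id="example_message" name="example_message"
                   value="<?php echo esc_attr( $value ); ?>" />
            <?php submit_button( 'Save' ); ?>
        </form>
    </div>
    <?php
}
```

The point of the contrast is that `add_menu_page`'s capability argument and the core dashboard are not the only line of defence: `current_user_can()` inside the callback stops a registered low-privilege user from reading the page, and `check_admin_referer()` stops the option from being changed by a request that did not come from the rendered form.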
Update: WordPress 2.8.1 is now released and available to download.
- WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, security advisory from Core Security.