In association with heise online

26 November 2008, 15:24

WordPress update fixes vulnerability

In WordPress version 2.6.5, the developers of the open source blog-publishing tool fixed a cross-site scripting (XSS) vulnerability as well as three bugs not related to security. However, the XSS hole can only be exploited on IP-address-based virtual servers running Apache 2.x. Since installations at web hosts are usually name-based, it is not likely that many users will be affected.

The XSS hole is contained in wp-includes/feed.php. When RSS feeds are generated, JavaScript can be injected and executed in the victim’s browser under certain circumstances. The WordPress developers skipped version number 2.6.4 in order to avoid mix-ups involving a fraudulent version 2.6.4 put into circulation by scammers.

(trk)

Permalink: http://h-online.com/-739009