In association with heise online

13 September 2007, 18:15

WordPress 2.2.3 closes security holes


The developers of the open-source blog system WordPress have published version 2.2.3 of the software, which closes two security holes. In previous versions, remote attackers could inject SQL commands via the XML-RPC interface by sending specially crafted URLs, allowing them to obtain user credentials. The second vulnerability allowed attackers without the unfiltered_html capability to post arbitrary HTML code in a blog entry by means of manipulated HTTP POST requests.

The other changes, which the developers summarize in the change log, address minor flaws. The developers recommend that WordPress users update to the new version, which is available for download from the project's website.
