IT Masala

A Tech Curry with a Pinch of Indian Spice

3rd March 2007

WordPress 2.1.1 dangerous, Upgrade to 2.1.2

posted in Alerts, Internet, Suggest, WP

If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

From WordPress.org :

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

 

Although not all downloads of 2.1.1 were affected, WordPress has declared the entire version dangerous and has released a new version, 2.1.2, that includes minor updates and entirely verified files.

WordPress has also set up an exclusive email address for this, as it is very critical. You can email them at 21securityfaq@wordpress.org and ask your questions.

Suggestion to all WordPress users :

If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. Check out your friends' blogs and if any of them are running 2.1.1, drop them a note and, if you can, pitch in and help them with the upgrade.

For all detailed information, see the WordPress Official Site.
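An added example (not from the original post or from WordPress): a Python check to run after the overwrite, which reads `$wp_version` from `wp-includes/version.php` and compares every installed file by SHA-256 against a freshly downloaded and extracted 2.1.2 copy. The directory names and the sample file contents in `demo()` are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def installed_version(root):
    """Return the $wp_version string from wp-includes/version.php, or None."""
    f = Path(root) / "wp-includes" / "version.php"
    if not f.is_file():
        return None
    m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", f.read_text(errors="replace"))
    return m.group(1) if m else None

def compare(installed, reference):
    """List files that differ from, are absent from, or are missing versus the reference."""
    inst, ref = tree_hashes(installed), tree_hashes(reference)
    return {
        "modified": sorted(f for f in inst.keys() & ref.keys() if inst[f] != ref[f]),
        "extra": sorted(inst.keys() - ref.keys()),
        "missing": sorted(ref.keys() - inst.keys()),
    }

def demo():
    """Constructed trees: a site still holding a 2.1.1 file, and a clean 2.1.2 copy."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, site = Path(tmp, "reference"), Path(tmp, "site")
        files = {
            ref / "wp-includes/version.php": "<?php $wp_version = '2.1.2';",
            ref / "wp-includes/sample.php": "<?php // constructed placeholder",
            site / "wp-includes/version.php": "<?php $wp_version = '2.1.1';",
            site / "wp-includes/sample.php": "<?php // constructed placeholder",
            site / "wp-config.php": "<?php // site-specific, expected extra",
        }
        for path, body in files.items():
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return installed_version(site), compare(site, ref)

if __name__ == "__main__":
    print(demo())
```

Files reported as extra are expected for `wp-config.php`, themes, plugins and uploads; anything reported as modified under `wp-includes` means the overwrite was incomplete.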
