WordPress 2.1.3 Akismet Vulnerability

David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3).

Given the large install base of the WordPress blogging platform, I imagine that this vulnerability will be massively exploited in the following days / weeks.

Securityfocus.com has more details on this issue, as well as a presumably functional exploit.

The vendor has issued a new version (2.0.2) which fixes the problems. Because I couldn’t find an extensive description of the bug, I tracked the SVN commit log and this is the code that changed between revisions 12811 and 12812:

[Image: akismet vulnerability (code diff between the two SVN revisions)]

If you are using this plugin (a very useful plugin, I might say), you are advised to either install the latest version or disable it in the WordPress plugins section.
