WordPress 2.1.3 Akismet Vulnerability
David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3).
Given the large install base of the WordPress blogging platform, I imagine that this vulnerability will be massively exploited in the following days / weeks.
Securityfocus.com has more details on this issue, as well as a presumably functional exploit.
The vendor has issued a new version (2.0.2) which fixes the problems. Because I couldn’t find an extensive description of the bug, I tracked the SVN commit log and this is the code that changed between release 12811 and 12812:
If you are using this plugin (a very useful plugin, I might say), you are advised to either install the latest version or disable it in the WordPress plugins section.
This entry was posted on Tuesday, May 15th, 2007.

May 18th, 2007 10:31
[...] from WordPress's latest Akismet vulnerability, I was thinking of the impact that blogs have already made in the way we use the internet [...]