A new version of WordPress has been released. It contains bug fixes as well as fixes for a couple of vulnerabilities.
The first of these makes it possible to bypass administrator access control by using an appropriate cookie. The vulnerability also makes it possible to execute PHP code as the web server user. It can be exploited only if the WordPress blog is configured to freely permit account creation.
The second is a cross-site scripting (XSS) vulnerability. Incomplete input checking makes it possible to execute script code in a user's browser.
Vulnerable versions for the above-mentioned vulnerabilities:
- WordPress 2.5 and possibly older versions
Solution:
- Update to version 2.5.1
More information can be read here.
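
A check for the conditions described above, as an added example that is not part of the original post: it reads the `$wp_version` assignment from the text of `wp-includes/version.php` and reports which of the two issues apply to an install. It assumes that open account creation corresponds to WordPress's `users_can_register` setting, treats every release below 2.5.1 as affected, and runs on constructed sample inputs.

```python
import re

FIXED = (2, 5, 1)  # first fixed release according to the advisory

# Matches the assignment in wp-includes/version.php, e.g. $wp_version = '2.5';
_VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")


def parse_wp_version(version_php):
    """Return the version as a 3-tuple of ints, or None if not found."""
    m = _VERSION_RE.search(version_php)
    if not m:
        return None
    # Keep the leading numeric components only ("2.5.1-beta" -> 2.5.1).
    nums = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not nums:
        return None
    parts = [int(p) for p in nums.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))  # "2.5" -> (2, 5, 0)


def assess(version_php, registration_open):
    """Map an install to the issues from the advisory that apply to it.

    registration_open: assumed to mirror the users_can_register setting.
    """
    version = parse_wp_version(version_php)
    if version is None:
        return ["unknown version: inspect manually"]
    if version >= FIXED:
        return []
    issues = ["xss"]  # applies to every unpatched install
    if registration_open:
        # The cookie bypass needs freely permitted account creation.
        issues.append("admin-cookie-bypass")
    return issues


# Constructed sample inputs: (version.php contents, registration open?)
SAMPLES = {
    "blog-a": ("<?php\n$wp_version = '2.5';\n", True),
    "blog-b": ("<?php\n$wp_version = '2.3.3';\n", False),
    "blog-c": ("<?php\n$wp_version = '2.5.1';\n", True),
}

if __name__ == "__main__":
    for name, (php, reg) in SAMPLES.items():
        print(name, assess(php, reg) or "patched")
```

An empty result means the install is at or above 2.5.1; closing registration only removes the cookie bypass condition, so an unpatched install still reports the XSS issue until it is updated.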