SQL Injection: Wordpress 3.0.2 released

Published: 2010-12-02. Last Updated: 2010-12-02 17:25:16 UTC
by Kevin Johnson (Version: 1)
1 comment(s)

 Wordpress has released a new version, 3.0.2, to fix a SQL injection flaw.  This flaw is in all previous versions of the codebase according to reports, which means that if you are running Wordpress, you must update.  This exploit is possible with author-level permissions but personally I would not depend on this to protect myself.  More information is available here.

Keywords: SQL Injection SQL injection patch wordpress
1 comment(s)

Comments

FYI, Wordpress is now at version 3.0.3 to fixe issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts (http://codex.wordpress.org/Version_3.0.3)

Michel

Dec 9th 2010
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives