Sunday, March 4, 2007

Urgent for WordPress blog users!

WordPress 2.1.1 compromised, upgrade to 2.1.2 ASAP

If any of you administer a blog based on WordPress and you recently upgraded to version 2.1.1, then you should immediately upgrade to 2.1.2 before your site is 0wn3d. Earlier versions of the 2.x release series are safer, although 2.1.x has numerous bug fixes and minor security fixes.

"It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution."




If you are a shared WordPress blog user, you might want to ping your site admin about this today.
