WordPress update kyboshes XSS flaw
PrintBlog pwnage risk busted
Posted in Spyware, 27th November 2008 15:07 GMT
Free whitepaper – Vulnerability management buyer's checklist
WordPress has fixed a cross-site scripting (XSS) flaw in its blogging software.
Version 2.6.5 also addresses three unrelated performance and stability bugs with the open source package. The XSS fixed by the latest version of the software is limited to particular setups involving IP-based virtual servers running on Apache 2.x.
In those setups it might be possible for hackers to rig systems so that they serve up malicious Java Script from domains under their control, as explained in an advisory by WordPress here.
WordPress has jumped from version 2.6.3 to 2.6.5 of the software in order to avoid confusion with 2.6.4, a fake version recently offered up by black hats via a bogus site. Sysadmins were directed to download the backdoor-rigged code earlier this month by hackers exploiting vulnerabilities in the blogging package. ®
Free whitepaper – Avoiding 7 common mistakes of IT security compliance
Analyst Keynote: The Register Agile Data Center Summit
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Enabling the Agile Data Center
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive