WordPress update kyboshes XSS flaw
PrintBlog pwnage risk busted
Posted in Malware, 27th November 2008 15:07 GMT
Free whitepaper – Dell PowerEdge server benchmarks
WordPress has fixed a cross-site scripting (XSS) flaw in its blogging software.
Version 2.6.5 also addresses three unrelated performance and stability bugs with the open source package. The XSS fixed by the latest version of the software is limited to particular setups involving IP-based virtual servers running on Apache 2.x.
In those setups it might be possible for hackers to rig systems so that they serve up malicious Java Script from domains under their control, as explained in an advisory by WordPress here.
WordPress has jumped from version 2.6.3 to 2.6.5 of the software in order to avoid confusion with 2.6.4, a fake version recently offered up by black hats via a bogus site. Sysadmins were directed to download the backdoor-rigged code earlier this month by hackers exploiting vulnerabilities in the blogging package. ®
The Register Agile Data Center Summit
What Exchange can't do - and Dell can
Analyst Keynote: The Register Agile Data Center Summit
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive