heise online IT news, features and forums at heise online UK
8 February 2008, 12:47

Vulnerability in multiuser version of WordPress

The multiuser version of WordPress contains a hole which allows attackers to gain control of a server. According to the advisory, users can inject and execute arbitrary PHP scripts on the server if they have access to the manage_options and upload_files functions. An exploit for the hole has already been published.

The affected version is WordPress MU 1.3.1; versions 1.3.2 and higher don't contain the vulnerability. The developers urgently recommend upgrading to the current version. Those who haven't upgraded to 1.3.2 may wish to skip this version and upgrade straight to version 1.3.3, which is said to offer the same functionality as WordPress 2.3.3 and is available for download.

(mba)
