[wp-hackers] PCI Compliance and Wordpress 2.9.2

Brian Layman bulk at thecodecave.com
Wed May 19 20:06:25 UTC 2010

The synopsis is incorrect given your supplied information.

You state you are running version Wordpress 2.9.2.

I remember that issue as it affected problogger.com right around Christmas
of 2007. Mark jumped on it and it was fixed very quickly.  

Yeah... look at the disclosure page
(http://www.securityfocus.com/archive/1/485160/30/0/threaded). It refers to
"Version affected:2.3.1 (Latest at the time of writing)"  

The ticket the synopsis refers to "http://trac.wordpress.org/ticket/5487
Solution: Unknown at this time." was closed on December 28, 2007 upon
release of 2.3.2. The issue was disclosed, fixed tested and released in
version 2.3.2 within 11 days.

I'm not sure what they expect you to do given it is 2010 and you are running
version 2.9.2...
"The version of WordPress on the remote host does not.." is blatently false,
assuming you have your version number correct.  Could you have an archived
test site somewhere on your server?

-Brian Layman

More information about the wp-hackers mailing list