[wp-hackers] Hacked blogs

Jason Webster jason at intraffic.net
Thu Mar 26 16:51:06 GMT 2009


It is also worth noting that a security vulnerability in _any_ software running on the server with 
the right permissions could inject code into a wordpress install.

On 26/03/2009 9:22 AM, Mike Schinkel wrote:
> I too fixed a site that had this iframe problem, but it was a v2.6 site.  I know this was asked implicitly but let me ask again explicitly; is there any chance that these hacked sites shared any of the same plugins?  As Mark Jaquith tweeted about recently, plugin as a group are generally not written with good security practices in mind; maybe there's a huge security hole in a shared plugin?
>
> -Mike Schinkel
> Custom Wordpress Plugins
> http://mikeschinkel.com/custom-wordpress-plugins
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list