[wp-trac] [WordPress Trac] #4627: Link manager exploit?

WordPress Trac wp-trac at lists.automattic.com
Fri Jul 13 02:50:26 GMT 2007

#4627: Link manager exploit?
 Reporter:  cbdilger  |       Owner:  anonymous
     Type:  defect    |      Status:  new      
 Priority:  normal    |   Milestone:           
Component:  Security  |     Version:  2.2      
 Severity:  normal    |    Keywords:           
 I think someone has found a way to add links using /wp-admin/link-add.php
 without authentication -- today I found a new link (spam, of course, of
 the casino variety) and three accesses to the above address from one IP

 I deleted the link, but I would not be surprised to see it return...

 Let me know if I can provide more information; I have shell access to the
 machine in question (hosted on Dreamhost). I'm running WP 2.2. Thanks.

Ticket URL: <http://trac.wordpress.org/ticket/4627>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list