[wp-trac] [WordPress Trac] #4627: Link manager exploit?
WordPress Trac
wp-trac at lists.automattic.com
Fri Jul 13 02:50:26 GMT 2007
#4627: Link manager exploit?
----------------------+-----------------------------------------------------
Reporter: cbdilger | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone:
Component: Security | Version: 2.2
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
I think someone has found a way to add links using /wp-admin/link-add.php
without authentication -- today I found a new link (spam, of course, of
the casino variety) and three accesses to the above address from one IP
address.
I deleted the link, but I would not be surprised to see it return...
Let me know if I can provide more information; I have shell access to the
machine in question (hosted on Dreamhost). I'm running WP 2.2. Thanks.
--
Ticket URL: <http://trac.wordpress.org/ticket/4627>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list