[wp-trac] Re: [WordPress Trac] #7710: admin account exploit
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 8 16:04:11 GMT 2008
#7710: admin account exploit
-----------------------------+----------------------------------------------
Reporter: jeremyclark13 | Owner: anonymous
Type: defect | Status: new
Priority: high | Milestone: 2.6.2
Component: Security | Version: 2.6.1
Severity: critical | Resolution:
Keywords: milworm exploit |
-----------------------------+----------------------------------------------
Comment (by Otto42):
Replying to [comment:2 g30rg3x]:
> This problem was already addressed in changeset
[http://trac.wordpress.org/changeset/8748 8748] (for 2.6.x) and in
[http://trac.wordpress.org/changeset/8704 8704] (for trunk).
Bah. I liked my solution better. ;)
However, that change is post-2.6.1, so the current latest released version
is still vulnerable to this attack. 2.6.2 should get pushed out quickly
because of this flaw, IMO.
--
Ticket URL: <http://trac.wordpress.org/ticket/7710#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list