[wp-trac] [WordPress Trac] #11104: 2.8.5 Injection Exploit
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 9 06:39:04 UTC 2009
#11104: 2.8.5 Injection Exploit
-----------------------------+----------------------------------------------
Reporter: bradyk | Owner: ryan
Type: defect (bug) | Status: new
Priority: highest omg bbq | Milestone: Unassigned
Component: Security | Version: 2.8.5
Severity: blocker | Keywords: exploit, injection, hack, malware, porn
-----------------------------+----------------------------------------------
2.8.5 has a security hole that somehow allows files to be uploaded, code
to be changed/removed, and generally hijack the site for malware and porn
purposes - full details: [http://www.kyle-brady.com/2009/11/07/wordpress-
mediatemple-and-an-injection-attack/]
I contacted security at wordpress.com, but have heard nothing and I want to
make sure this get handled ASAP.
--Kyle
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11104>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list