[wp-trac] [WordPress Trac] #11104: 2.8.5 Injection Exploit

WordPress Trac wp-trac at lists.automattic.com
Mon Nov 9 06:39:04 UTC 2009


#11104: 2.8.5 Injection Exploit
-----------------------------+----------------------------------------------
 Reporter:  bradyk           |       Owner:  ryan                                   
     Type:  defect (bug)     |      Status:  new                                    
 Priority:  highest omg bbq  |   Milestone:  Unassigned                             
Component:  Security         |     Version:  2.8.5                                  
 Severity:  blocker          |    Keywords:  exploit, injection, hack, malware, porn
-----------------------------+----------------------------------------------
 2.8.5 has a security hole that somehow allows files to be uploaded, code
 to be changed/removed, and generally hijack the site for malware and porn
 purposes - full details:
 [http://www.kyle-brady.com/2009/11/07/wordpress-mediatemple-and-an-injection-attack/]

 I contacted security at wordpress.com, but have heard nothing and I want to
 make sure this gets handled ASAP.

 --Kyle

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11104>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

