[wp-trac] [WordPress Trac] #16447: JS in new admin user when updating through SVN

WordPress Trac wp-trac at lists.automattic.com
Thu Feb 3 03:13:12 UTC 2011

#16447: JS in new admin user when updating through SVN
 Reporter:  webtechman                 |       Owner:
     Type:  defect (bug)               |      Status:  closed
 Priority:  normal                     |   Milestone:
Component:  Security                   |     Version:
 Severity:  normal                     |  Resolution:  invalid
 Keywords:  javascript, script, admin  |
Changes (by dd32):

 * status:  new => closed
 * resolution:   => invalid
 * milestone:  Awaiting Review =>


 That user would've been on the site before you upgraded, There's a good
 chance that obfuscated JS there was previously hiding it from your view,
 Knowing from what version you upgraded from helps.

 For a quick checkpoint on where to go from here:

 The next thing will be to check your database, Look at the date of the
 users registration, in the users table, check the 'user_registered' field,
 it'll let you know when your install was compromised (Assuming you didn't
 delete the user).

 Finally, As long as this user wasn't registered -after- you upgraded to
 3.0.4, it's likely that this was a hole in an older version of WordPress
 which has since been patched up.

 For future reference, To report security issues, check out:
 http://codex.wordpress.org/Reporting_Bugs#Reporting_security_issues  To
 get support to clean up your install, check out the support forums:
 http://wordpress.org/support/ and finally, you might find the "Exploit
 Scanner" plugin a worthwhile tool to run over to check for any other signs
 of infection:

 Closing as invalid purely due to the fact that this would've happened
 prior to the 3.0.4 upgrade (Please email `security at wordpress.org` if
 you have a reason to believe it's a current threat, along with as much
 detail of the previous version of WordPress in use, the user registered
 details, any server logs which relate to it, and anything else you can

Ticket URL: <http://core.trac.wordpress.org/ticket/16447#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list