Note: this post is from 2007, outbound links may be broken.

WordPress 2.1.1 modified by cracker, upgrade to 2.1.2

Related: , Posted in random posts on Mar 05, 2007 - comment 0 comments

Sometimes being lazy is a good thing. I was supposed to update my WordPress installation to version 2.1.1 last weekend, but I didn’t feel like checking what had changed exactly and if I needed the update. The short changelog said the update mostly consisted of small fixes and no critical stuff so I postponed.

Screenshot of WordPress website
Screenshot of WordPress website announcing 2.1.1 vunerability

It turns out the 2.1.1 update was quite critical after all:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

It seems a cracker got access to a server that powers WordPress.org and was able to modify the download file.

More on this story at WordPress.org.

u-he Uhbik plugins

Recommended sounds