Disclosure: Some of the links on this page are affiliate links. Clicking these and making a purchase will directly support Rekkerd. Thanks!

WordPress 2.1.1 modified by cracker, upgrade to 2.1.2


Sometimes being lazy is a good thing. I was supposed to update my WordPress installation to version 2.1.1 last weekend, but I didn’t feel like checking what had changed exactly and if I needed the update. The short changelog said the update mostly consisted of small fixes and no critical stuff so I postponed.

Screenshot of WordPress websiteScreenshot of WordPress website announcing 2.1.1 vunerability

It turns out the 2.1.1 update was quite critical after all:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

It seems a cracker got access to a server that powers WordPress.org and was able to modify the download file.

More on this story at WordPress.org.

Notify of
Inline Feedbacks
View all comments