WordPress Cross Site Scripting Vulnerability in templates.php
Jan 04, 2007
If you run your blog on WordPress, you need to update the templates.php file in your /your_blog_path/wp-admin folder. The cross-site scripting vulnerability in this file allows a remote user to inject malicious code into your files and even steal sensitive information from your server. I just read that this vulnerability is also used to launch phishing attacks.
A Blog Herald post describes the scripting vulnerability in the WordPress templates.php file and how to eliminate it:
- On line 72 of your existing templates.php there is a line that looks like update_recently_edited($file); — comment out this line.
- A patch is available at http://trac.wordpress.org/changeset/4665. Download the patched templates.php from there and upload it to the wp-admin folder on your server, overwriting the existing file.
TechLive has some geeky detail on this.
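To confirm on an installed copy that the first fix above (commenting out update_recently_edited($file);) is in place, the following check is an added example, not code from the original post or from WordPress. The function names active_calls and check_workaround are hypothetical, the comment detection is a heuristic that does not parse PHP string literals, and the result says nothing about whether the file is the patched version from the changeset.

```shell
#!/bin/sh
# Added example, not from the original post or from WordPress.
# active_calls and check_workaround are hypothetical helper names.

# Print the line number of every update_recently_edited( call that is
# not inside a PHP comment (//, # or /* ... */). Heuristic: comment
# markers inside string literals are not recognised as such.
active_calls() {
    awk '
    {
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_block) {
                p = index(line, "*/")
                if (p == 0) break
                line = substr(line, p + 2); in_block = 0
                continue
            }
            b = index(line, "/*"); s = index(line, "//"); h = index(line, "#")
            first = b
            if (s && (!first || s < first)) first = s
            if (h && (!first || h < first)) first = h
            if (!first) { out = out line; break }
            out = out substr(line, 1, first - 1)
            if (first != b) break
            in_block = 1; line = substr(line, b + 2)
        }
        if (out ~ /update_recently_edited[ \t]*\(/) print NR
    }' "$1"
}

# Exit status: 0 = no active call, 1 = call still active, 2 = file missing.
check_workaround() {
    [ -f "$1" ] || { echo "not found: $1"; return 2; }
    hits=$(active_calls "$1")
    if [ -n "$hits" ]; then
        echo "$1: active update_recently_edited() call on line(s): $(echo $hits)"
        return 1
    fi
    echo "$1: no active update_recently_edited() call found"
    return 0
}

# Usage: sh check.sh /your_blog_path/wp-admin/templates.php
if [ "$#" -gt 0 ]; then
    check_workaround "$1"
fi
```
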
Posted by Amrit | Tags: Blog Publishing, Blogging News, Blogging Tips, Blogging Tools and Plugins