Make WordPress Core

Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#4973 closed defect (bug) (invalid)

Wordpress exploit and issue

Reported by: gobinathm
Owned by:
Milestone:
Priority: high
Severity: normal
Version:
Component: Security
Keywords:
Focuses:
Cc:


I am not sure whether this has been taken care of. Please look at the following information. It's from the Web Security Mailing List.


From: Daniel Cuthbert <daniel.cuthbert@…>
Date: Sep 13, 2007 3:05 PM
Subject: [WEB SECURITY] When the community takes action
To: websecurity@…

Sigh, another Wordpress exploit and issue, no shock there!


Wordpress has a massive user-base, and it seems that the developers have little, or no, concept of any SDLC or basic secure development as every new release is met by a serious remote vulnerability that allows attackers to compromise the host blog in some form or manner.

In an ideal world, we'd see the lead developers saying they need help and asking the community for that help, but what happens when they don't?

I'm not saying become vigilantes or something, but something should be done to help projects like Wordpress act in a more socially responsible way.


Change History (4)

#1 @zamoose
11 years ago

Looks like all those exploits target the XML-RPC side of the house. All anti-blog/anti-WP preening aside, it does seem to have a good bit to exploit.

I'm not sure whether 2.2.3 addresses the flaw that the script claims 2.2.2 is vulnerable to...

#2 @Otto42
11 years ago

This is not a "new" exploit. It's an automated program designed to exploit existing/known/fixed exploits.

The exploit it attempts for WordPress 2.2.2 installs is fixed in 2.2.3.

#3 @Otto42
11 years ago

  • Resolution set to invalid
  • Status changed from new to closed

More information on the fixed 2.2.2 vulnerability that this exploit code attempts to use: http://secunia.com/advisories/26771/
