Alert, Upgrade To WordPress 2.1.2

by Scott Beale on March 2, 2007

The server hosting WordPress 2.1.1 was recently exploited and malicious code was added to the download file. Anyone who previously upgraded to WordPress 2.1.1 should upgrade to WordPress 2.1.2 immediately. Here’s more info.

This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

photo credit: Scott Beale
