The opinions expressed herein are entirely my own and do not represent the opinions of any other entity with which I am affiliated. Opinions expressed in comments and trackbacks are those of their respective authors and do not necessarily reflect my own point of view.
All works are licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
© Copyright 2006-2009 MalwareTeks
Somebody managed to hack into the Wordpress server and modified two files in WordPress v2.1.1 to include code that would allow for remote PHP execution. Although not all downloads of v2.1.1 were affected, WordPress.org has declared the entire version dangerous and has released version 2.1.2 that includes minor updates and entirely verified files.
WordPress Article: WordPress 2.1.1 Dangerous, Upgrade
EDIT (4 March 7:28 PM): WordPress reports that the v2.1.2 code base is clean and in fact the below code is included by the developers in all copies of index.php in the WordPress package.
EDIT: It would appear that someone has successfully hacked Version 2.1.2 and has modified index.php
<?php
// Silence is golden.
?>
STATEMENT REMOVED ~ SPD ~
Reference: Wordpress 2.1.2 download package hacked
Comment Meta:
XHTML:
More Options ...
Categories
Tag Cloud
Blog RSS
Comments RSS
Void « Default
Life 
Earth 
Wind 
Water 
Fire Light
Previous: 
Next: 
Last 50 Posts 
Back