There is a lot of clamoring the past few days about a security bulletin that was posted regarding WordPress 2.0.1. The claim cites an SQL injection vulnerability that would allow comment forms to be exploited.
Let me go on record right now and say that this is a false alarm. There is NO security vulnerability in this form in WordPress 2.0.1. I have attempted to leverage the exploits on several of my 2.0.1 blogs and have had success only when logged in as admin.
While there will be a 2.0.2 security release at some time, it is not yet and it is not because of this supposed flaw. Rest assured that you are okay and that the developers are working hard behind the scenes to make sure flaws like this do not creep into the WordPress core.
{ 1 trackback }
{ 2 comments }
Aaron 03.03.06 at 6:58 pm
test
Aaron Brazell 03.03.06 at 6:58 pm
test
Comments on this entry are closed.