
2 March 2006

WordPress Security Flaw: FALSE

There has been a lot of clamoring over the past few days about a security bulletin that was posted regarding WordPress 2.0.1. The bulletin claims an SQL injection vulnerability that would allow comment forms to be exploited.

Let me go on record right now and say that this is a false alarm. There is NO security vulnerability in this form in WordPress 2.0.1. I have attempted to leverage the exploits on several of my 2.0.1 blogs and have had success only when logged in as admin.

While there will be a 2.0.2 security release at some time, it is not here yet, and it is not because of this supposed flaw. Rest assured that you are okay and that the developers are working hard behind the scenes to make sure flaws like this do not creep into the WordPress core.

3 Responses to “WordPress Security Flaw: FALSE”

  1. Aaron 3 March 2006 at 6:58 pm #

    test


Trackbacks/Pingbacks.

  1. Abusing Web Resources to Promote a Site » Technology, Blogging and Politics - 19. Jun, 2006

    [...] How is dropping links in Answers abuse? This is not always abuse. For instance, if someone poses a question about a rumored WordPress bug, I can legitimately post a link to an article debunking that myth. However, if I haphazardly go dropping links to my sites in unrelated entries, as it seemed like this guy was suggesting, it’s abuse of the system. In fact, it is spam – no better than what we fight every day on our blogs and in our email. [...]