25.Apr.2008 at 3:37 pm |

WordPress 2.5.1 and CVE 2008 1930

WordPress 2.5.1 is already out, so the blog you upgraded last month, is outdated and worse, could be vulnerable. A Common Vulnerabilities and Exposures (CVE 2008 1930) which reads as below is now known to be the reason for this hastened release:

wordpress 2.5An attacker, who is able to register a specially crafted username on a WordPress 2.5 installation, is able to generate authentication cookies for other chosen accounts.

This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.

If a WordPress blog is configured to freely permit account creation, a remote attacker can gain WordPress-administrator access and then elevate this to arbitrary code execution as the web server user.

Note that this applies to those site that allow users to register, so if you have multiple authors or prefer users to register to comment, download WordPress 2.5.1 and upgrade using our painless technique!

Tagged: Announcements, blog, Design, internet, New Release, resources, Security Fix, Web, wordpress, WP

Leave a Comments | Trackback | RSS 2.0

  1. 1. wpSnap - Best WordPress Themes, Blogging Tips, Design Resources » WordPress 2.5 Vulnerability Requires WordPress 2.5.1 Upgrade | April 28, 2008 #

    [...] such as our own site should not be running version 2.5 for the reason we all have come to know as CVE 2008 1930. Upgrading to version 2.5.1 now will save you a lot of hassle, trust me us [...]

Have Your Say »

(Required- use your name, not keywords)

(Required- will not be published)

(Optional)

Use SimpleCode while pasting codes.

| Home |

RSS Feed

Where am I?

You’re currently reading “WordPress 2.5.1 and CVE 2008 1930,” an entry on HeadsetOptions by on Apr 25 2008 @ 3:37 pm

About & Contact ↓↑

Headsetoptions is a small design studio in Richmond VA. We specialize in standards based Web Design and Search Engine Optimization services. We are a well connected geek collective in love with WordPress, the Worlds Best Open CMS.

Feel free to browse around, download themes, critique it, and enjoy our blogs while at it!

Need more? Click to learn more or write to us

Visit Our Friends

  • wpSnap - Best WordPress Themes, Plugins, Tips, Tutorials and News
  • MandarinMusing.com - WordPress Themes, Web Design, Internet, Technology, SEO - Freshly Squeezed Web 2.0 Resources
  • PR5 Directory Services - dirsnap.com
  • Global Environmental Technology and Management - Environmental Science, Global Warming, Pollution

Want to showcase your site on Headsetoptions?

Advertisement

LIKE OUR THEMES? DONATE!

flipformore.com