28.Apr.2008 at 10:27 am | 4 Comments
When a client of mine upgraded to WordPress 2.5.1 from WordPress 2.5, she encountered an issue where the database would not upgrade, resulting in the “WordPress 2.5.1 is available! Please update now.” notice flashing in her dashboard and on every other admin page. On an initial search of the WordPress support forum, we found the following threads, which pointed us in a certain direction:
http://wordpress.org/support/topic/172004
http://wordpress.org/support/topic/168964
Neither thread suggests solutions that are easy or safe; however, I urge you to check these posts and then search your install via file manager/FTP/WebFTP to ensure you do not have files with the following extensions anywhere within a writable …
25.Apr.2008 at 3:37 pm | 1 Comment
WordPress 2.5.1 is already out, so the blog you upgraded last month is outdated and, worse, could be vulnerable. A Common Vulnerabilities and Exposures entry (CVE-2008-1930), which reads as below, is now known to be the reason for this hastened release:
An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts.
This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.
If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code …