Reports about a WordPress hack affecting self-hosted WordPress blogs appeared on the Internet in March. The hack seems to affect WordPress 2.9.2, the latest version of the blogging platform. To make matters worse, there seem to be two – possibly unrelated – issues that webmasters experience. One is a malware attack that is spreading [...]
- Author: Martin Brinkmann
- Comments: 25
Computer Worm Attacks Not Updated WordPress Blogs
A computer worm currently in the wild is attacking unpatched WordPress blogs, meaning blogs that have not been updated by their administrators to the latest version of the popular blogging software. The worm exploits a security vulnerability in older versions of WordPress to create a user account, make some changes to the [...]
- Author: Martin Brinkmann
- Comments: 8
WordPress 2.8.4 Security Update
We noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed an attacker to reset passwords of users. While this vulnerability could not be exploited to gain access to the user account (unless access to the email account the password was sent to was available as well) it could be [...]
- Author: Martin Brinkmann
- Comments: 15
WordPress Remote Admin Password Reset Vulnerability
The password of my WordPress admin account was not valid when I tried to log in today. I first thought it was a problem with the LastPass password manager and tried to see if I was still logged into the service. When I checked my email inbox I noticed that I had received a new password [...]
