A computer worm is currently in the wild that is attacking unpatched Wordpress blogs. Unpatched meaning blogs that have not been updated by their administrators to the latest version of the popular blogging software. The worm exploits a security vulnerability in older versions of Wordpress to create a user account, make some changes to the [...]
Wordpress 2.8.4 Security Update
We noticed a security vulnerability in Wordpress 2.8.3 yesterday (and earlier versions as well) that allowed an attacker to reset passwords of users. While this vulnerability could not be exploited to gain access to the user account (unless access to the email account the password was send to was available as well) it could be [...]
Wordpress Remote Admin Password Reset Vulnerability
The password of my Wordpress admin account was not valid when I tried to login today. I first thought it was a problem with the LastPass password manager and tried to see if I was still logged into the service. When I checked my email inbox I noticed that I have received a new password [...]
