An update for the popular blogging software WordPress was just released. The developers classify the update as a security update; it appears, however, that it fixes no zero-day vulnerability. The WordPress blog lists the following security enhancements and fixes in WordPress 3.1.3: Various security hardening; Taxonomy query hardening; Prevent sniffing out user names of [...]
- Author: Martin Brinkmann
- Comments: 7
WordPress 3.0.4 Released, Fixes Critical Security Vulnerability
An update to the popular blogging platform WordPress has just been released that fixes a critical security vulnerability in the software. WordPress 3.0.4 is already available for download at the official website and through the updating options on installed WordPress blogs. The update is currently not announced on the frontpage of the admin interface which [...]
- Author: Martin Brinkmann
- Comments: 18
WordPress 2.9.2 Released
An update for the blogging script WordPress has just been released by the development team. The update fixes a security vulnerability that was previously reported by Thomas Mackenzie on his personal blog. The vulnerability affects all WordPress installations with the version number 2.9.0 or later. Previous WordPress installations are not affected by the vulnerability (but [...]
- Author: Martin Brinkmann
- Comments: 25
Computer Worm Attacks Not Updated WordPress Blogs
A computer worm is currently in the wild that is attacking unpatched WordPress blogs, meaning blogs that have not been updated by their administrators to the latest version of the popular blogging software. The worm exploits a security vulnerability in older versions of WordPress to create a user account, make some changes to the [...]
- Author: Martin Brinkmann
- Comments: 8
WordPress 2.8.4 Security Update
We noticed a security vulnerability in WordPress 2.8.3 yesterday (and earlier versions as well) that allowed an attacker to reset passwords of users. While this vulnerability could not be exploited to gain access to the user account (unless access to the email account the password was sent to was available as well) it could be [...]
- Author: Martin Brinkmann
- Comments: 15
WordPress Remote Admin Password Reset Vulnerability
The password of my WordPress admin account was not valid when I tried to log in today. I first thought it was a problem with the LastPass password manager and tried to see if I was still logged into the service. When I checked my email inbox I noticed that I had received a new password [...]
