1 Comment.


[…] Thanks to some drastic and controversial actions taken by SpamKarma creator Dr. Dave, a large percentage of the blogging populace has been alerted to a security hole in WordPress. He even went to the effort of activating a warning message that was sent out to everyone who uses his SK2 plugin. This has resulted in a lot of fear spreading among a huge number of bloggers. This sort of thing just spreads exponentially. Here’s a quasi random sampling of two dozen of the first posts on it: ………………….. And these were just from the English blogs that posted about this on the same day as the notice going out. The neat thing is that these are some of the most on-top-of-things bloggers out there. Those 24 blogs have some great content and great visual styles. They are well worth perusing… […]

Pingback by The Code Cave — July 28, 2006 @ 12:34 am
Post Information
This article was posted on Wednesday, July 26th, 2006 at 9:33 pm. It's filed under WordPress, Noteworthy. You can monitor the comments to this article by using the RSS 2.0 feed. It is tagged with the tags critical flaw, exploit, security wordpress.
WordPress Critical Flaw Detected
Posted on Wednesday, July 26th, 2006 at 9:33 pm.

Dr Dave has announced that there is a security exploit affecting WordPress 1.5 and WordPress 2.0.

In a nutshell, stuff could happen to your blog if you don’t turn off “Anyone can register” in your WordPress options. If it’s on, DO IT NOW. Dr Dave adds that you should also disable any guest accounts you are unsure about.

I have no idea what the hell is going on - but take it from Dr Dave and disable it now. There is no real known proof of this exploit, but I am going to take it as a matter of trust in a respected blogger who is also the developer of Spam Karma. Let’s hope the WordPress dev guys realize this and patch it - really wicked quickly. Do not hesitate - disable it on your blog now. Dr Dave can’t give us anything on the exploit since not enough blogs are protected now - information may fall into the wrong hands and the exploit may come.

The last word is to take Dr Dave’s word - he’s tested it and it’s “shown to exist with varying levels of danger on all versions of WP up to the very last one.”

Notified by Kamigoroshi on IRC.