New Wordpress exploit, version 2.0.6
To anyone who has `register_global` turned on for PHP versions 4 thru 4.4.3,< 5.1.4, update your Wordpress; 2.0.7RC1 is available. The exploit takes advantage of code flaws in wp-trackback.php.... again, allowing a SQL injection admin hash disclosure.
Thanks dominik at the Basecamp for the heads up. I don't need to update this time though.. :pblog comments powered by Disqus