WordPress Security Vulnerability Fixed in 2.8.4
WordPress recently discovered a security vulnerability in the WordPress code: a specially crafted URL request can bypass a WordPress security check, and an attacker can gain access to the control panel of a WordPress blog.
According to a post by Matt Mullenweg, founding developer of WordPress, a worm is circulating on the internet that can post malware and spam to outdated versions of WordPress. The worm does not affect the current version, 2.8.4, or the one prior to it, and it only affects people who host their own WordPress blog. Blogs hosted on WordPress.com are unaffected.
WordPress fixed this problem and has been testing the fixes and looking for other problems since then. Version 2.8.4, which fixes all known problems, is now available for download and is highly recommended for all users of WordPress.



September 7th, 2009 at 8:49 AM
Hey guys,
I have written a PHP script to search & remove vulnerable code & any ‘extra’ admin found on your WordPress site.
This script will also upgrade your WordPress to the latest version.
No PHP system, exec or any regular execution command is used, as I know some webhosts disable them… it will work as long as you have PHP 4/5 & the curl function.
What the script does
===============
1. Search for vulnerable code
2. Backup wp’s database
3. Upgrade your wp to the latest
Instructions:
=========
1. Download the script from http://www.mxhub.com/fix_update_wp.zip
2. Upload to your WordPress directory where wp-config resides
3. Go to http://yoursite.com/fix_update_wp.php to start the engine.
4. Done.
5. Give your feedback or report any problem.
http://forums.mxhub.com/showthread.php?t=798
My humble coding. Works for what I wanted. Hope it helps.