A cross-site scripting (XSS) vulnerability has been found in wp-admin/template.php which could allow malicious web users to inject arbitrary web scripts or HTML code through the file parameter.
This could allow remote attackers to cause serious damage by injecting PHP or HTML code into your WordPress core files.
Vulnerable versions of WordPress:
- WordPress 2.0.5
- WordPress 2.0.4
- WordPress 2.0.3
- WordPress 2.0.2
- WordPress 2.0.1
- WordPress 2.0
- WordPress 1.5.
- WordPress 1.5.1.3
- WordPress 1.5.1.2
- WordPress 1.5.1
- WordPress 1.5
- WordPress 1.2.2
- WordPress 1.2.1
- WordPress 1.2
- WordPress 0.71
- WordPress 0.7
- WordPress (B2) 0.6.2.1
- WordPress (B2) 0.6.2
The simplest way to fix this vulnerability is to download the patched version of template.php and replace your existing wp-admin/template.php with it.
Read more about this exploit on Operation N or Security Focus.
WordPress is a powerful blogging script, and I'm sure many of you are blogging with it. Don't wait any longer: go patch your template.php file now.
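As an added example (not code from this post or from WordPress), here is a small Python check a site admin can run over web-server access logs to spot requests that send HTML markup in the file parameter of the affected admin page. The log lines are constructed for the example, and both spellings used on this page, template.php and templates.php, are matched.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Apache combined log format; not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [03/Jan/2007:10:12:01 +0000] "GET /wp-admin/template.php?file=wp-content/themes/default/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Jan/2007:10:13:44 +0000] "GET /wp-admin/template.php?file=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4880 "-" "Mozilla/5.0"
198.51.100.2 - - [03/Jan/2007:10:14:02 +0000] "GET /wp-admin/templates.php?file=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 4910 "-" "curl/7.15"
192.0.2.7 - - [03/Jan/2007:10:15:30 +0000] "GET /index.php?file=%3Cscript%3E HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
"""

# Fields of a combined-format line that we need: client IP, timestamp, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The page the advisory is about; the post says template.php, the comments say templates.php.
VULN_PATH_RE = re.compile(r'/wp-admin/templates?\.php$')
# A legitimate theme file path never contains tags, attribute-breaking quotes or a javascript: URL.
MARKUP_RE = re.compile(r'<|>|["\']|javascript:', re.IGNORECASE)


def suspicious_file_values(log_text):
    """Return (ip, timestamp, path, decoded file value) for every request that
    hits the template editor with markup in its file parameter."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable combined-format line
        parts = urlsplit(m.group('target'))
        if not VULN_PATH_RE.search(parts.path):
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get('file', []):
            value = unquote(raw)  # second decode catches double-encoded values
            if MARKUP_RE.search(value):
                hits.append((m.group('ip'), m.group('ts'), parts.path, value))
    return hits


if __name__ == '__main__':
    for ip, ts, path, value in suspicious_file_values(SAMPLE_LOG):
        print(f'{ts} {ip} {path} file={value!r}')
```

Run it against a real access log by passing the file contents to suspicious_file_values; a hit on a patched install is still worth reviewing, since it shows someone is probing the page.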

wrote, on January 2nd, 2007
Thanks Thilak to add my name.
wrote, on January 2nd, 2007
Thanks for the update!
Is there any problem if we didn't replace the file?
wrote, on January 2nd, 2007
[...] To learn more about this vulnerability, visit Operation N or Security Focus. Report via Tech-Buzz. [...]
wrote, on January 3rd, 2007
Rishi: No, there won't be a problem unless you are spotted by some attacker.
wrote, on January 3rd, 2007
Thilak,
What concerns me the most is that Wordpress.org hasn’t released anything about this yet. There isn’t anything posted on their blog and no official fixes. What more do you know about this and do you think that Wordpress.org knows about this?
wrote, on January 3rd, 2007
[...] Thanks to Tech-Buzz. [...]
wrote, on January 3rd, 2007
Security Alert: templates.php XSS vulnerability in WordPress
Thanks to Thilak of TechBuzz, I’ve just learned about wp-admin/templates.php (part of your WordPress administration functionality) seems to be vulnerable to a rather nasty XSS exploit.
…
wrote, on January 3rd, 2007
You mean existing… not exiting
wrote, on January 3rd, 2007
Thanks boy! I just researched a bit and patched it up.
wrote, on January 3rd, 2007
[...] TechBuzz lists all WordPress versions that are in danger of this exploit, but the short story is unless you're using 2.0.6 you're not safe. And as far as I know that one hasn't been released officially yet. It's advised you patch the culprit file in the meantime. (Make sure to back those files up first!) * It's so popular, in fact, that sneaky people are making money off of hinting at how you can use it to make your money. They obviously haven't heard of WP's support community. [...]
wrote, on January 3rd, 2007
thanks for the update
wrote, on January 3rd, 2007
Thx for highlighting me. I had been notifying other bloggers about it.
wrote, on January 3rd, 2007
Just wanted to add one more thing. I had contact with Matt (WordPress) by email, and he confirmed the news. So it's safe. You can read about the email on my blog.
wrote, on January 4th, 2007
[...] Tech Buzz lists the vulnerable versions (almost all versions prior to 2.06), and adds, A cross-site scripting (XSS) vulnerability has been found in wp-admin/template.php which could allow malicious web users to inject arbitrary web scripts or HTML code through the file parameter. [...]
wrote, on January 5th, 2007
[...] This hole has apparently been known since December 27, as can be read at the discoverer (?) Operation n. techbuzz lists all affected stable WordPress versions. [...]
wrote, on January 11th, 2007
Thanks for the heads up on this potential problem.
wrote, on May 18th, 2007
[...] WordPress template.php Exploit Discovered [...]