WordPress template.php Exploit Discovered

A Cross-site scripting (XSS) vulnerability has been in found in wp-admin/template.php which could allow malicious web users to inject arbitary web scripts or HTML code through the file parameter.

This exploit could allow remote attackers to do nasty things by injecting php or html codes into your wordpress core files.

Vulnerable versions of WordPress:

  • WordPress, 2.0.5
  • WordPress, 2.0.4
  • WordPress, 2.0.3
  • WordPress, 2.0.2
  • WordPress, 2.0.1
  • WordPress, 2.0
  • WordPress, 1.5.
  • WordPress, 1.5.1.3
  • WordPress, 1.5.1.2
  • WordPress, 1.5.1
  • WordPress, 1.5
  • WordPress, 1.2.2
  • WordPress, 1.2.1
  • WordPress, 1.2
  • WordPress, 0.71
  • WordPress, 0.7
  • WordPress, (B2) 0.6.2.1
  • WordPress, (B2) 0.6.2

The simplest way to fix this exploit would be to download the patched version of template.php and then replace it with your exiting wp-admin/template.php

Read more about this exploit on Operation N or Security Focus

WordPress is a powerful blogging script, I’m sure lots of you might be blogging using WordPress. Don’t wait any longer, go patch your template.php file now.

Thanks for the tip Ashish, Phalgun

This post was published by on January 2, 2007

About the Author: Thilak Rao works as a Social Media Expert. He is one of the first professional bloggers from India, and he loves to write, travel and click photos. Follow him on Twitter @thilak

  • http://www.techlive.co.nr Phalgun

    Thanks Thilak to add my name.

  • http://www.rishiraj.info Rishi

    Thanks for the update!

    Is there any problem if we didnt replace the file?

  • http://www.technobeta.com/posts/vulnerability-found-in-wordpress/ TechnoBeta Blog

    [...] To learn more about this vulnerability, visit Operation N or Security Focus. Report via Tech-Buzz. [...]

  • http://tech-buzz.net Thilak

    Rishi: No, there won’t be a problem unless you are spotted by some attacker

  • http://garryconn.com/ Garry Conn

    Thilak,

    What concerns me the most is that WordPress.org hasn’t released anything about this yet. There isn’t anything posted on their blog and no official fixes. What more do you know about this and do you think that WordPress.org knows about this?

  • http://www.zealios.net/2007/01/03/wordpress-exploit/ Zealios[dot]Net » Blog Archive » Wordpress Exploit.

    [...] Thanks to Tech-Buzz. [...]

  • http://www.perfectblogger.com/2007/01/wordpress-template-vulnerability/ Perfect Blogger

    Security Alert: templates.php XSS vulnerability in WordPress

    Thanks to Thilak of TechBuzz, I’ve just learned about wp-admin/templates.php (part of your WordPress administration functionality) seems to be vulnerable to a rather nasty XSS exploit.

  • http://techtites.com/ Ajay

    You mean existing… not exiting ;)

  • http://www.wisetome.com/splat Vyoma

    Thanks boy! I just researched a bit and patched it up.

  • http://stellify.net/hacking-away/wordpress-xss-vulnerability-in-templatephp/ WordPress XSS vulnerability in template.php * Stellify

    [...] TechBuzz lists all WordPress versions that are in danger of this exploit, but the short story is unless you’re using 2.0.6 you’re not safe. And as far as I know that one hasn’t been released officially yet. It’s advised you patch the culprit file in the meantime. (Make sure to back those files up first!) * It’s so popular, in fact, that sneaky people are making money off of hinting at how you can use it to make your money. They obviously haven’t head of WP’s support community. [...]

  • http://www.freakitude.com Lovedeep Wadhwa

    thanks for the update :shock:

  • http://technospot.net/blogs/index.php/2006/12/19/p Ashish Mohta

    Thx for highlighting me.I had been notifying other bloggers about it.

  • http://technospot.net/blogs/index.php/2006/12/19/p Ashish Mohta

    Just wanted to add one more thing.I had a contact with Matt(WordPress) on email , He confimred about the news.So its safe.You can get to read about the email on my blog.

  • http://www.blogherald.com/2007/01/04/wordpress-cross-site-scripting-vulnerability-in-templatesphp-uncovered/ WordPress Cross Site Scripting Vulnerability in templates.php Uncovered at The Blog Herald

    [...] Tech Buzz lists the vulnerable versions (almost all versions prior to 2.06), and adds, A Cross-site scripting (XSS) vulnerability has been in found in wp-admin/template.php which could allow malicious web users to inject arbitary web scripts or HTML code through the file parameter. [...]

  • http://sw-guide.de/weblog/2007-01-04/eine-gute-und-eine-schlechte-neuigkeit-zu-wordpress/ Eine gute und eine schlechte Neuigkeit zu Wordpress — Software Guide

    [...] Bekannt ist diese Lücke wohl schon seit dem 27. Dezember, wie man bei dem Entdecker (?) Operation n nachlesen kann. techbuzz listet alle betroffenen stabilen WordPress-Versionen. [...]

  • http://chrislegend.net Chris

    Thanks for the heads up on this potential problem.

  • http://InternetMarketingCampus.com/?p=38 Internet Marketing Campus » Archive » Script Updates And Keeping Your Site Hacker Safe

    [...] WordPress template.php Exploit Discovered [...]

  • http://www.swiftcolour.com canvas prints

    thanks for the adive