Comments on: Wordpress template.php Exploit Discovered

By: Internet Marketing Campus » Archive » Script Updates And Keeping Your Site Hacker Safe

Fri, 18 May 2007 11:56:40 +0000

[...] WordPress template.php Exploit Discovered [...]

By: Chris

Chris — Thu, 11 Jan 2007 15:28:57 +0000

Thanks for the heads up on this potential problem.

By: Eine gute und eine schlechte Neuigkeit zu Wordpress — Software Guide

Eine gute und eine schlechte Neuigkeit zu Wordpress — Software Guide — Thu, 04 Jan 2007 22:19:11 +0000

[...] Bekannt ist diese LÃ¼cke wohl schon seit dem 27. Dezember, wie man bei dem Entdecker (?) Operation n nachlesen kann. techbuzz listet alle betroffenen stabilen Wordpress-Versionen. [...]

By: WordPress Cross Site Scripting Vulnerability in templates.php Uncovered at The Blog Herald

Thu, 04 Jan 2007 13:27:41 +0000

[...] Tech Buzz lists the vulnerable versions (almost all versions prior to 2.06), and adds, A Cross-site scripting (XSS) vulnerability has been in found in wp-admin/template.php which could allow malicious web users to inject arbitary web scripts or HTML code through the file parameter. [...]

By: Ashish Mohta

Ashish Mohta — Wed, 03 Jan 2007 18:23:08 +0000

Just wanted to add one more thing.I had a contact with Matt(Wordpress) on email , He confimred about the news.So its safe.You can get to read about the email on my blog.

By: Ashish Mohta

Ashish Mohta — Wed, 03 Jan 2007 18:13:03 +0000

Thx for highlighting me.I had been notifying other bloggers about it.

By: Lovedeep Wadhwa

Lovedeep Wadhwa — Wed, 03 Jan 2007 13:49:32 +0000

thanks for the update

By: WordPress XSS vulnerability in template.php * Stellify

WordPress XSS vulnerability in template.php * Stellify — Wed, 03 Jan 2007 11:34:57 +0000

[...] TechBuzz lists all WordPress versions that are in danger of this exploit, but the short story is unless you’re using 2.0.6 you’re not safe. And as far as I know that one hasn’t been released officially yet. It’s advised you patch the culprit file in the meantime. (Make sure to back those files up first!) * It’s so popular, in fact, that sneaky people are making money off of hinting at how you can use it to make your money. They obviously haven’t head of WP’s support community. [...]

By: Vyoma

Vyoma — Wed, 03 Jan 2007 04:23:09 +0000

Thanks boy! I just researched a bit and patched it up.

By: Ajay

Ajay — Wed, 03 Jan 2007 03:41:42 +0000

You mean existing… not exiting

By: Perfect Blogger

Perfect Blogger — Wed, 03 Jan 2007 01:12:32 +0000

Security Alert: templates.php XSS vulnerability in WordPress

Thanks to Thilak of TechBuzz, I’ve just learned about wp-admin/templates.php (part of your WordPress administration functionality) seems to be vulnerable to a rather nasty XSS exploit.

…

By: Zealios[dot]Net » Blog Archive » Wordpress Exploit.

Zealios[dot]Net » Blog Archive » Wordpress Exploit. — Wed, 03 Jan 2007 01:07:44 +0000

[...] Thanks to Tech-Buzz. [...]

By: Garry Conn

Garry Conn — Wed, 03 Jan 2007 00:09:46 +0000

Thilak,

What concerns me the most is that Wordpress.org hasn’t released anything about this yet. There isn’t anything posted on their blog and no official fixes. What more do you know about this and do you think that Wordpress.org knows about this?

By: Thilak

Thilak — Tue, 02 Jan 2007 19:50:17 +0000

Rishi: No, there won’t be a problem unless you are spotted by some attacker

By: TechnoBeta Blog

TechnoBeta Blog — Tue, 02 Jan 2007 17:36:22 +0000

[...] To learn more about this vulnerability, visit Operation N or Security Focus. Report via Tech-Buzz. [...]

By: Rishi

Rishi — Tue, 02 Jan 2007 17:36:14 +0000

Thanks for the update!

Is there any problem if we didnt replace the file?

By: Phalgun

Phalgun — Tue, 02 Jan 2007 16:35:03 +0000

Thanks Thilak to add my name.