The current available version is 2.7.1 - but is the codebase you're working on
2.7.1? You never actually said.
I may have misinterpreted your question as Wordpress specific when you were
actually just wanted to know what that code snippet was up to. If the former,
I'd say you'd have more luck on the WP forums.
And yeah, all web apps require security updates. And the more popular an app,
the more reason people have to find holes in it and the more likely developers
will state how terrible the codebase is.
A
----- Original Message -----
From: chris burgess
To: nzphpug@googlegroups.com
Sent: Wednesday, March 11, 2009 10:46 AM
Subject: [phpug] Re: Wordpress: Security Fail?
If that's the exploit they used to attack /was/ fixed in WP2.2.3, released
in September 07 - probably reasonable to expect more than one bad guy to find a
vulnerable site in that timespan. Current version is 2.7.1 I think.
I don't know of any web apps that *don't* require occasional security updates
(here's a chance to show off your impeccable record!).
WP seems to have more than its fair share though :)
On Tue, Mar 10, 2009 at 4:39 PM, Aaron Cooper <supp...@zanzomedia.com> wrote:
http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html
See the bottom box and exploit code
--~--~---------~--~----~------------~-------~--~----~
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to nzphpug@googlegroups.com
To unsubscribe, send email to
nzphpug+unsubscr...@googlegroups.com
-~----------~----~----~----~------~----~------~--~---
