NewsWordPress Zero-day Exploit Fixed

WordPress Zero-day Exploit Fixed

Keith Vance
By Keith Vance

Developer.com content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

WordPress 3.0.2 has been out for a few days, if you haven’t upgraded yet, you better do it soon.

There’s a SQL injection vulnerability in the do_trackbacks() function of all versions of WordPress prior to version 3.0.2 that allows remote attackers to execute arbitrary SELECT SQL queries.

The do_trackbacks() function in wp-includes/comment.php does not properly escape the input that comes from the user, allowing a remote user with publish_posts and edit_published_posts capabilities to execute an arbitrary SELECT SQL query, which can lead to disclosure of any information stored in the WordPress database.

You can read all about the security hole here, but you might want to upgrade your WordPress installations first.

View Article





Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories

Developer.com features tutorials, news, and how-tos focused on topics relevant to software engineers, web developers, programmers, and product managers of development teams. In addition to covering the most popular programming languages today, we publish reviews and round-ups of developer tools that help devs reduce the time and money spent developing, maintaining, and debugging their applications. This includes coverage of software management systems and project management (PM) software - all aimed at helping to shorten the software development lifecycle (SDL).

Advertisers

Advertise with TechnologyAdvice on Developer.com and our other developer-focused platforms.

Advertise with Us

Menu

Our Brands

Property of TechnologyAdvice.
© 2022 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.