March 1, 2021
Hot Topics:

WordPress Zero-day Exploit Fixed

  • By Developer.com Staff

WordPress 3.0.2 has been out for a few days, if you haven't upgraded yet, you better do it soon.

There's a SQL injection vulnerability in the do_trackbacks() function of all versions of WordPress prior to version 3.0.2 that allows remote attackers to execute arbitrary SELECT SQL queries.

The do_trackbacks() function in wp-includes/comment.php does not properly escape the input that comes from the user, allowing a remote user with publish_posts and edit_published_posts capabilities to execute an arbitrary SELECT SQL query, which can lead to disclosure of any information stored in the WordPress database.

You can read all about the security hole here, but you might want to upgrade your WordPress installations first.

View Article

Originally published on https://www.developer.com.

This article was originally published on December 7, 2010

Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.

Thanks for your registration, follow us on our social networks to keep up-to-date