WordPress 0 day exploit (version 3.0.1 and older)

We posted last week about the release of WordPress 3.0.2 that fixes a few security vulnerabilities.

Today, full details of the vulnerability and exploit code have been released. So if you haven’t upgraded yet, make sure to do so now (specially if your site has multiple authors).

“The do_trackbacks() function in wp-includes/comment.php does not properly escape the input that comes from the user, allowing a remote user with publish_posts and edit_published_posts capabilities to execute an arbitrary SELECT SQL query, which can lead to disclosure of any information stored in the WordPress database.”

Details here: http://www.vul.kr/wordpress-all-version-0day-exploit


Interested in WordPress security monitoring, visit http://sucuri.net.

Scan your website for free:
About David Dede

David Dede is a Security Researcher in the SucuriLabs group. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.