Sucuri Blog

Website Security News

APRIL FOOLS: No Serious Security Vulnerability on WordPress 3.x – Remote Command Execution

This post was not real. It was an attempt at humor, as bad as it may seem. The post has been removed, and we understand the concerns. We truly apologize for misleading anyone. There is no vulnerability with WordPress 3.x. WordPress and its development team take serious all security considerations and do a great job of ensuring the WordPress security posture, we were not trying to undermine their hard work.

This is to be taken about as serious as most things on April 1st. Sorry for any inconvenience!

If you have any questions, please contact us at support@sucuri.net

About David Dede

David is a Security Researcher at Sucuri. He spends most of his time dissecting vulnerabilities and security issues. You won't find him on Twitter because he is paranoid about privacy.

Reader Interactions

Comments

  3. Unfunny

    I thought April Fools jokes were meant to be funny?

  6. Jane Wells

    The reason this isn’t funny is that the average WordPress user doesn’t know enough about code security to see that you’re joking, and we’ll spend the day telling people that no, this was not a real security issue, after they freak out because someone told them they read a security warning on a trusted site. Tack on an extra day to the development cycle of 3.2, folks.

  8. Great to see you guys get into the holiday spirit, unfortunately it’s a little like yelling fire in a movie theatre.

  9. It’s too easy to call this attempt at an Aprils Fools joke bad taste & blatant attempt to gather attention.

    No rather, this is an astounding level of irresponsibility by a purported security company. How do you expect customers to take you seriously after this?

    If I were you, I’d consider redacting this and posting a followup.

  10. Eric

    Once I saw the “carefully planned backdoor” comment I knew it was bogus and started to laugh. But then I thought of all my clients who would miss the joke. So funny for me, unfunny for the other 99% of the population who knows nothing about the internal workings of WP. Just a good reminder that everyone should take everything they hear on April 1 with a grain of salt. (The disclaimer should help soothe any lasting issues, too.)

  11. A classic April Fools joke would be more obviously a joke. The problem was that this doesn’t read like a joke to an uninformed person.

    In other words, it’s too subtle. Next time be more obvious about it.