{"id":230,"date":"2007-06-12T11:58:05","date_gmt":"2007-06-12T15:58:05","guid":{"rendered":"http:\/\/clay.blogdns.net\/?p=230"},"modified":"2007-06-19T10:48:12","modified_gmt":"2007-06-19T14:48:12","slug":"wordpress-22-users-beware","status":"publish","type":"post","link":"https:\/\/claymccauley.info\/index.php\/2007\/06\/12\/wordpress-22-users-beware\/","title":{"rendered":"WordPress 2.2 users beware"},"content":{"rendered":"<p>A zero-day exploit was posted to <a href=\"http:\/\/packetstormsecurity.org\/filedesc\/wp22xmlrpc-sql.txt.html\">PacketStorm<\/a> a few days ago for WordPress 2.2.  The vulnerability allows SQL injection through unchecked inputs in the xmlrpc.php file.  A patched version of this file has been <a href=\"http:\/\/trac.wordpress.org\/browser\/branches\/2.2\/xmlrpc.php?rev=5584&#038;format=raw\">posted to TRAC<\/a>, but no official update has yet been released.  If you&#8217;re running a WordPress 2.2 powered blog, I&#8217;d highly suggest applying this fix immediately.  It might not be a bad idea to take a look through your database for anything unexpected as well.  There was a <a href=\"http:\/\/wordpress.org\/support\/topic\/120857\">discussion of this exploit<\/a> and the related fix on the WordPress support site, but I&#8217;m surprised that 5 days later there has still been no official mention of this on the WordPress dashboard.<\/p>\n<p><em>update: <a href=\"http:\/\/boren.nu\/archives\/2007\/06\/16\/221-release-candidate\/\">A release candidate of 2.2.1<\/a> has been posted which fixes the xmlrpc bug as well as a few others.  Hopefully we&#8217;ll see an official release of 2.2.1 soon&#8230;<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A zero-day exploit was posted to PacketStorm a few days ago for WordPress 2.2. The vulnerability allows SQL injection through unchecked inputs in the xmlrpc.php file. \nA patched version of this file has been posted to TRAC, but &hellip; <a href=\"https:\/\/claymccauley.info\/index.php\/2007\/06\/12\/wordpress-22-users-beware\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-230","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/posts\/230","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/comments?post=230"}],"version-history":[{"count":0,"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/posts\/230\/revisions"}],"wp:attachment":[{"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/media?parent=230"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/categories?post=230"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/claymccauley.info\/index.php\/wp-json\/wp\/v2\/tags?post=230"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}