Kabatology ~ Open Source, Linux

WordPress Security Threat: Old Versions Under Attack

By Martin Kaba • Sep 5th, 2009 • Filed under: Open-Source, Security, WordPress

There are reports that older versions of WordPress -- now at version 2.8.4, are exposed to security threats. Two clues provided by Lorelle on WordPress blog that your non-up-to-date WordPress blog is under attack; 1) Strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ The keywords are “eval” and “base64_decode.”