There are reports that older versions of WordPress (the current version is 2.8.4) are exposed to security threats. The Lorelle on WordPress blog provides two clues that your out-of-date WordPress blog is under attack: 1) Strange additions to permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/ The keywords are “eval” and “base64_decode.”
WordPress 2.8.4 is an important update because it fixes a security bug. The bug can be exploited by hackers this way: a specially crafted URL could be requested that would allow an attacker to bypass the security check that verifies a user requested a password reset. As a result, the first account without a […]
An unexpected upgrade of the WordPress blogging platform has been released. WordPress 2.8.1 was released roughly two weeks ago, and nobody expected WordPress 2.8.2 to come out so soon. The upgrade or security patch fixes an XSS vulnerability. The upgrade note says the vulnerability could be exploited this way: “Comment author URLs were not fully […]
WordPress 2.8, code-named Baker, is now available for download. This full release comes with a bunch of bug fixes (over 790 bugs), widgets, taxonomies, and improvements to themes and overall speed. The upgrade bar at the top of the WordPress Dashboard that says “Word 2.8 is available! Please update now” is not yet available, […]
Diggbar or DiggToolbar is a virtual toolbar that sits on top of all articles/stories linked from Digg.com. It puts your webpage inside a permanent IFRAME, so when you navigate to another webpage, the toolbar remains on top.