Saturday, March 03, 2007

WordPress Distribution Compromised, Update Released

Via Netcraft.

A recent distribution of the popular blogging software WordPress was compromised during a server intrusion, the development team said late Friday. All WordPress users who have downloaded and installed version 2.1.1 are urged to immediately upgrade to version 2.1.2. Earlier versions of WordPress are not affected.

"This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress," developer Matt Mullenweg wrote on the WordPress blog. "The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened. It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. ... They modified two files in WP to include code that would allow for remote PHP execution."

The compromised code was distributed through the wordpress.org site for 3 to 4 days before the issue was detected. "Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous," said Mullenweg. "If your blog is running 2.1.1, please upgrade immediately and do a full overwrite of your old files, especially those in wp-includes. ... If you are a web host or network administrator, block access to 'theme.php' and 'feed.php', and any query string with 'ix=' or 'iz=' in it."
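As an added example (not from the Netcraft article or the WordPress team), a small Python scanner for web-server access logs that flags the indicators named in the quoted advice: requests to theme.php or feed.php, and requests carrying an ix or iz query parameter. The log lines are constructed; parameter names are matched exactly after parsing rather than as a substring, so an unrelated URL such as ?fix=1 is not flagged.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [03/Mar/2007:10:15:02 +0000] "GET /wp-includes/theme.php?ix=ls HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Mar/2007:10:15:09 +0000] "GET /feed/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Mar/2007:10:16:44 +0000] "POST /wp-includes/feed.php?iz=id HTTP/1.1" 200 77 "-" "curl/7.15"
192.0.2.9 - - [03/Mar/2007:10:17:00 +0000] "GET /index.php?p=12&fix=1 HTTP/1.1" 200 4000 "-" "Mozilla/5.0"
192.0.2.9 - - [03/Mar/2007:10:17:30 +0000] "GET /wp-content/themes/default/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Fields of a combined-format line that the scan needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
SUSPECT_FILES = {"theme.php", "feed.php"}   # files named in the advisory
SUSPECT_PARAMS = {"ix", "iz"}               # query parameters named in the advisory

def classify(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    basename = parts.path.rsplit("/", 1)[-1]
    # parse_qs yields exact parameter names, so "fix" does not match "ix".
    params = set(parse_qs(parts.query, keep_blank_values=True))
    reasons = []
    if basename in SUSPECT_FILES:
        reasons.append(f"request to {basename}")
    hits = sorted(params & SUSPECT_PARAMS)
    if hits:
        reasons.append("query parameter " + ", ".join(hits))
    if not reasons:
        return None
    return {"ip": m["ip"], "method": m["method"], "target": m["target"],
            "status": int(m["status"]), "reasons": reasons}

def scan(log_text):
    """Scan a whole log and return the list of findings, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding["ip"], finding["method"], finding["target"], "->", "; ".join(finding["reasons"]))
```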

More here.
