WordPress 2.1.1 Critical Security Alert – Download Upgrade to 2.1.2

The WordPress developer community has classified the entire 2.1.1 release of WordPress as dangerous: it poses a serious security threat and is unsafe to use in a production environment. Users running WordPress 2.1.1, especially those who just downloaded it over the last 4 or 5 days, should immediately download the latest version, 2.1.2, and upgrade their installation by fully overwriting all old files. Apparently, a cracker managed to break into a server hosting WordPress.org and gained user-level access, which was used to modify the WordPress download file to include security-compromised, exploitable code.

According to the WordPress blog:

It was determined that a cracker had gained user-level access to one of the servers that powers WordPress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP (theme.php and feed.php) to include code that would allow for remote PHP execution.

If you have any questions on this security hole, you can email 21securityfaq@wordpress.org.

Download and install the latest version of WordPress (version 2.1.2) from the WordPress download page to patch the security hole, or download it from the direct download link for the ZIP file.
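
One way to confirm that an upgrade really overwrote every old file, shown here as an added example that is not from the original post or from WordPress: hash every file in a freshly extracted release and in the live install, then list the files that differ. The directory layout, file contents and function names are constructed for the demo.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_install(reference_root, install_root):
    """Return sorted (modified, missing, extra) relative paths."""
    ref, inst = tree_hashes(reference_root), tree_hashes(install_root)
    modified = sorted(p for p in ref if p in inst and ref[p] != inst[p])
    missing = sorted(p for p in ref if p not in inst)
    # Install-only files: site config, uploads and plugins legitimately land
    # here, so review them rather than treating every entry as hostile.
    extra = sorted(p for p in inst if p not in ref)
    return modified, missing, extra

def build_demo_trees(base):
    """Write two constructed demo trees under base (layout is made up)."""
    clean = {"index.php": "<?php // front\n",
             "lib/theme.php": "<?php // theme\n",
             "lib/feed.php": "<?php // feed\n"}
    installed = {**clean,
                 "lib/theme.php": "<?php // theme, altered\n",
                 "lib/feed.php": "<?php // feed, altered\n",
                 "config.php": "<?php // site settings\n"}
    roots = []
    for label, files in (("reference", clean), ("install", installed)):
        root = os.path.join(base, label)
        for rel, body in files.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
        roots.append(root)
    return roots[0], roots[1]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_install(*build_demo_trees(tmp)))
```

Any path reported as modified is a release file that was not replaced by the upgrade and should be overwritten from the clean copy.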

Update: WordPress 2.2 released for download.

December 9th, 2016 | Categories: Web Publishing

About the Author:

LK is a technology writer for Tech Journey with a background as a system and network administrator. He has been documenting his experiences in the digital and technology world for over 15 years. Connect with LK through Tech Journey on Facebook, Twitter or Google+.