News from Finland in English

Critical WordPress vulnerability discovered in November 2014

Following the recent Drupal SQL injection vulnerability the Finnish security company is reporting that the system has a similar vulnerability - equally, if not worse than the Drupal vulnerability.

According to the company the exploit is done using the commenting function, which is enabled by default. The versions affected are all 3.x and 4.0 versions of WordPress.

Klikki has supposedly talked to WordPress maintainers about the issue in September 2014, but a fix has been harder than expected to produce.

The recent Drupal exploit and possibly a similar security issue in WordPress could be a serious blow to the credibility of Open Source products - imagine Android being hit by a massive worm.

Even if this report is false (a marketing stunt?), it should be a stark reminder that security and maintenance are still worth paying for when building your business on "free" products. 

Original WordPress vulnerability bulletin here (in Finnish):

UPDATE: This was indeed real and WordPress 4.0.1 is out. Read the bulletin from Klikki.

Written by Janita on Tuesday November 4, 2014
Permalink - Category: news - Tags: wordpress, security, vulnerability

« Finnish business man hoaxed by Nigerian scam letter? - Run WordPress on HTTP/2 »