Friendly XSS-worm fixes your WordPress installation

Got a message from the security expert beni, who says that he has found 7 security issues in the blog platform WordPress (latest version 2.2.1).

He has now created a friendly XSS-worm which uses these vulnerabilities to patch your system. More instructions on how to do this are in his blog post.

Now that the flaws are known to the public, there is a big risk of XSS attacks happening. So you now have two options: wait for the official WordPress fix, or apply beni's fix to get immediate protection.

If you apply the patch from this recommendation, I am not responsible for any side effects this might have. But I trust beni, so I think you can go on with the patching. Just make sure you do a proper backup before you start.

More info

http://www.gnucitizen.org/blog/friendly-ajax-xss-worm-for-wordpress

Update: WordPress has now released a security fix. Benjamin Flesch (beNi) is impressed it only took 6 days, but not so happy they didn't mention him at first. They have now, however, put a thank-you message in their blog post. Mission complete.

Comments

Thanks for providing this information, I didn't know such a fix existed for these issues until now.