WordPress 2.1.1 download is compromised

According to a story in a March 5th story at CBC News, a cracker modified version of the WordPress blog software was made available for download ("Attacker adds vulnerability to WordPress blog software").  Users who downloaded version 2.1.1 over the past three or four days should immediately download and install 2.1.2.

The vulnerability inserted by the cracker, rated at the highest level of severity by Secunia ApS, might allow an attacker to retrieve passwords or alter and delete files.  


By Tom Olzak

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...