FYI...

WordPress v2.8.4 released
- http://wordpress.org/download/
August 12, 2009 - "The latest stable release of WordPress (Version 2.8.4) is available..."

- http://secunia.com/advisories/36237/2/
Release Date: 2009-08-12
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x
Solution: Update to version 2.8.4...
Original Advisory: WordPress:
http://wordpress.org/development/2009/08/2...curity-release/

FYI...

- http://news.cnet.com/8301-1009_3-10345900-83.html
September 5, 2009 - "A worm is circulating that can post malware and spam to some WordPress blogs using outdated versions of the blogging software... The vulnerability allowing the attack was discovered August 11, at which point WordPress encouraged users to upgrade to version 2.8.4... The worm does not affect the current version 2.8.4 and the one prior to it. And it only affects people who host their own WordPress blog. Blogs hosted on WordPress.com are unaffected..."

- http://wordpress.org/development/2009/09/k...rdpress-secure/
September 5, 2009

- http://securitylabs.websense.com/content/Blogs/3472.aspx
09.09.2009



This post has been edited by AplusWebMaster: Sep 9 2009, 11:37 AM

FYI...

WordPress v2.8.5 released
- http://wordpress.org/download/
October 20, 2009 - "The latest stable release of WordPress (Version 2.8.5) is available..."

- http://wordpress.org/development/2009/10/w...dening-release/
"... changes in this release are:
• A fix for the Trackback Denial-of-Service attack that is currently being seen.
• Removal of areas within the code where php code in variables was evaluated.
• Switched the file upload functionality to be whitelisted for all users including Admins.
• Retiring of the two importers of Tag data from old plugins.
We would recommend that all sites are upgraded to this new version of WordPress to ensure that you have the best available protection. If you think your site may have been hit by one of the recent exploits and you would like to make sure that you have cleared out all traces of the exploit then we would recommend that you take a look at the WordPress Exploit Scanner*..."
* http://wordpress.org/extend/plugins/exploit-scanner/

- http://secunia.com/advisories/37088/2/
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x
Solution: Update to version 2.8.5...



This post has been edited by AplusWebMaster: Oct 21 2009, 01:49 AM

FYI...

WordPress Exploit Scanner
- http://wordpress.org/extend/plugins/exploit-scanner/
• Version: 0.6
• Last Updated: 2009-11-4
• Requires WordPress Version: 2.7.1 or higher
• Compatible up to: 2.8.5

FYI...

WordPress v2.8.6 released
- http://wordpress.org/download/
"The latest stable release of WordPress (Version 2.8.6) is available..."

- http://secunia.com/advisories/37332/2/
Release Date: 2009-11-13
Critical: Less critical
Impact: Cross Site Scripting, System access
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x ...
Solution: Update to version 2.8.6...
Original Advisory:
http://wordpress.org/development/2009/11/w...curity-release/
November 12, 2009 - "2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges. If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended. The first problem is an XSS vulnerability... The second problem... is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations..."