Answers to your tech questions
Computer forums for help with removing malicious software (malware) and improving computer security

> WordPress 2.x vuln - update available
AplusWebMaster
post Nov 2 2006, 06:30 AM
Post #1


AplusWebMaster
*****

Group: Authentic Member
Posts: 3,657
Joined: 30-December 03
From: USA
Member No.: 1,643
Operating System: WinXP



FYI...

- http://secunia.com/advisories/22683/
Release Date: 2006-11-02
Critical: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x ...
...The vulnerabilities have been reported in versions prior to 2.0.5.
Solution: Update to version 2.0.5.
Provided and/or discovered by: Reported by the vendor.
Original Advisory: http://wordpress.org/development/2006/10/205-ronan/ ..."


This post has been edited by AplusWebMaster: Jan 2 2007, 04:25 PM
AplusWebMaster
post Jan 2 2007, 01:46 PM
Post #2





FYI...

WordPress 2.0.5 vuln - fix available
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6808
Last revised: 1/2/2007
"...Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Impact: CVSS Severity: 7.0 (High)
Range: Remotely exploitable ..."

> http://wordpress.org/support/topic/99128
Posted: 2007-01-02
... http://trac.wordpress.org/changeset/4665

AplusWebMaster
post Jan 5 2007, 11:24 AM
Post #3





FYI...

- http://secunia.com/advisories/23595/
Release Date: 2007-01-05
Critical: Highly critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x
...The vulnerability is reported in versions prior to 2.0.6.
Solution: Update to version 2.0.6.
Original Advisory: http://wordpress.org/development/2007/01/wordpress-206/
January 5, 2007

- http://wordpress.org/download/
"The latest stable release of WordPress (Version 2.0.6)..."

- http://www.securityfocus.com/archive/1/456048

- http://www.securityfocus.com/archive/1/456049


This post has been edited by AplusWebMaster: Jan 5 2007, 01:27 PM
AplusWebMaster
post Jan 29 2007, 11:33 AM
Post #4





FYI...

Wordpress vuln - update available
- http://secunia.com/advisories/23912/
Release Date: 2007-01-29
Critical: Less critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
...The vulnerability is reported in versions prior to 2.1.
Solution: Update to version 2.1*

WordPress (Version 2.1)
* http://wordpress.org/download/

- http://wordpress.org/development/
January 22, 2007
"...2.1 also includes over 550 bug fixes..."

AplusWebMaster
post Feb 26 2007, 06:30 AM
Post #5





FYI...

- http://secunia.com/advisories/24306/
Release Date: 2007-02-26
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x
...The vulnerability is confirmed in version 2.1. Prior versions may also be affected.
Solution: Update to version 2.1.1..."

Download: http://wordpress.org/download/

AplusWebMaster
post Mar 4 2007, 02:57 PM
Post #6





FYI...

Wordpress 2.1.1 source backdoored!
- http://isc.sans.org/diary.html?storyid=2349
Last Updated: 2007-03-04 15:37:15 UTC ~ "The Wordpress development team has a notification up on their blog that version 2.1.1 of Wordpress has been compromised, and code was added which allows remote code execution. This happened during a user-level compromise of one of their servers. While not all 2.1.1 downloads have been affected, they advise that everyone running this version should upgrade to version 2.1.2 immediately. This version is fully verified and is not backdoored..."

- http://wordpress.org/development/2007/03/u...e-212/#more-199
"...It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous and have released a new version 2.1.2* that includes minor updates and entirely verified files... We reset passwords for a number of users with SVN and other access, so you may need to reset your password** on the forums before you can login again."

* http://wordpress.org/download/
"...latest stable release of WordPress (Version 2.1.2)..."

** http://wordpress.org/support/

AplusWebMaster
post Apr 9 2007, 07:57 PM
Post #7





FYI...

> http://wordpress.org/download/
"The latest stable release of WordPress (Version 2.1.3) is available..."

- http://wordpress.org/development/
April 3, 2007 ~ "...This update is highly recommend for all users... These releases include fixes for several publicly known minor XSS issues, one major XML-RPC issue, and a proactive full sweep of the WordPress codebase to protect against future problems..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1893


This post has been edited by AplusWebMaster: Apr 10 2007, 03:43 AM
AplusWebMaster
post May 21 2007, 10:28 AM
Post #8





FYI...

- http://secunia.com/advisories/25345/
Release Date: 2007-05-21
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x
...The vulnerability is confirmed in version 2.1.3. Prior versions may also be affected.
Solution: Update to version 2.2 ..."

> http://wordpress.org/download/
"The latest stable release of WordPress (Version 2.2) is available..."

AplusWebMaster
post Jun 26 2007, 08:27 PM
Post #9





FYI...

WordPress vuln - update available
- http://secunia.com/advisories/25794/
Release Date: 2007-06-26
Critical: Moderately critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x, WordPress MU 1.x ...
The vulnerability is confirmed in WordPress 2.2 and reported in WordPress MU 1.2.2. Prior versions may also be affected.
Solution: Update to WordPress 2.2.1 or WordPress MU 1.2.3..."

- http://wordpress.org/download/
"The latest stable release of WordPress (Version 2.2.1)..."

- http://mu.wordpress.org/download/

AplusWebMaster
post Aug 7 2007, 05:16 AM
Post #10





FYI...

Wordpress 2.2.2 and 2.0.11
- http://wordpress.org/development/2007/08/w...s-222-and-2011/
August 5, 2007
"...two security-related releases available for both users of our main 2.2 branch and the legacy 2.0 branch. As these releases include only security and minor bugfixes they should not cause any plugin or theme compatibility issues.."

Download:
- http://wordpress.org/download/


AplusWebMaster
post Sep 12 2007, 06:13 AM
Post #11





FYI...

- http://secunia.com/advisories/26771/
Release Date: 2007-09-12
Critical: Moderately critical
Impact: Cross Site Scripting, Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software: WordPress 2.x, WordPress MU 1.x
...The vulnerabilities are reported in Wordpress prior to 2.2.3 and Wordpress MU prior to 1.2.5a.
Solution:
Update to Wordpress version 2.2.3 or Wordpress MU version 1.2.5a...

> http://wordpress.org/download/
"...latest stable release of WordPress (Version 2.2.3)..."

AplusWebMaster
post Oct 12 2007, 07:42 PM
Post #12





FYI...

WordPress (Version 2.3)
- http://wordpress.org/download/

Release notes:
- http://wordpress.org/development/
September 25, 2007 - "...This release includes native tagging support, plugin update notification, URL handling improvements, and much more..."

AplusWebMaster
post Oct 29 2007, 05:50 AM
Post #13





FYI...

WordPress Version 2.3.1
- http://wordpress.org/development/2007/10/wordpress-231/
October 26, 2007 - "WordPress 2.3.1 is now available. 2.3.1 is a bug-fix and security release for the 2.3 series. 2.3.1 fixes over twenty bugs... Unfortunately, some security issues were found in 2.3..."

- http://wordpress.org/download/

AplusWebMaster
post Jan 24 2008, 08:13 AM
Post #14





FYI...

- http://wordpress.org/development/2007/12/wordpress-232/
December 29, 2007 - "WordPress 2.3.2 is an urgent security release..."

WordPress Version 2.3.2 was comprised of security and bug fixes.
- http://codex.wordpress.org/Changelog/2.3.2

- http://wordpress.org/download/
"The latest stable release of WordPress (Version 2.3.2)..."

> http://secunia.com/advisories/28130/


This post has been edited by AplusWebMaster: Jan 24 2008, 08:26 AM
AplusWebMaster
post Feb 5 2008, 08:39 PM
Post #15





FYI...

WordPress 2.3.3 released
- http://wordpress.org/development/2008/
February 5, 2008 - "WordPress 2.3.3 is an urgent security release..."

WordPress Version 2.3.3 was comprised of security and bug fixes.
- http://codex.wordpress.org/Changelog/2.3.3

- http://wordpress.org/download/
"The latest stable release of WordPress (Version 2.3.3)..."

> http://secunia.com/advisories/28823/
Release Date: 2008-02-07

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0664
Last revised: 2/8/2008
----------------

WordPress MU vuln - update available
- http://secunia.com/advisories/28789/
Release Date: 2008-02-06
Critical: Moderately critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Vendor Patch
Software: WordPress MU 1.x
Solution: Update to version 1.3.2 or later...
> http://mu.wordpress.org/download/
The 1.3.3 version of WordPress MU is now available...

This post has been edited by AplusWebMaster: Feb 11 2008, 04:35 PM