I don’t believe there is anything in the wild, but Dr. Dave (of famed Spam Karma – of which I’m a big fan) has seen a proof of concept for it. He said that Geoff Eby, an acquaintance of his, showed him a proof of concept that was “insane.” So, I’m guessing by his word choice that this is very serious. There is probably some way to escalate privilege or something. In any case, here’s what you need to know to make sure you aren’t victimized.Go to “options” and make sure that “anyone can register” is turned off. Also, go to “Users” and make sure that there are no guest accounts, or any other account, that you have not authorized. You don’t want to unwittingly become a spambot. Don’t wait to change this – do it now!
[tags]WordPress security exploit, WordPress security, WordPress guest account[/tags]
