WordPress Guest Account Security Exploit

By admin | Jul 28, 2006

I don’t believe there is anything in the wild, but Dr. Dave (of famed Spam Karma - of which I’m a big fan) has seen a proof of concept for it. He said that Geoff Eby, an acquaintance of his, showed him a proof of concept that was “insane.” So, I’m guessing by his word choice that this is very serious. There is probably some way to escalate privilege or something. In any case, here’s what you need to know to make sure you aren’t victimized.

Go to “options” and make sure that “anyone can register” is turned off. Also, go to “Users” and make sure that there are no guest accounts, or any other account, that you have not authorized. You don’t want to unwittingly become a spambot. Don’t wait to change this - do it now!
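The same two checks can be run directly against the WordPress database, which helps when several installs need auditing. This is an added example, not part of the original post; it assumes MySQL and the default `wp_` table prefix, and the logins `admin` and `editor1` are constructed placeholders for the accounts you have authorized.

```sql
-- Added example. Assumes the default `wp_` table prefix; adjust if yours differs.
-- 'admin' and 'editor1' are constructed placeholders for your authorized logins.

-- 1. Is "anyone can register" on, and which role would a new account get?
--    users_can_register should be 0.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('users_can_register', 'default_role');

-- 2. Turn open registration off (same effect as clearing the checkbox).
UPDATE wp_options
SET option_value = '0'
WHERE option_name = 'users_can_register';

-- 3. List every account that is not on the authorized list, newest first,
--    with its serialized role data so unexpected elevated roles stand out.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'
WHERE u.user_login NOT IN ('admin', 'editor1')
ORDER BY u.user_registered DESC;
```

Any row returned by the third query is an account to review and remove if you did not create it. If the site uses a persistent object cache, change the setting through the admin screen instead, since a direct database update may not be picked up until the cache is flushed.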


© 2007 PaulTech Network