
SANS Internet Storm Center, InfoSec Forums

SQL Injection: Wordpress 3.0.2 released

 Wordpress has released a new version, 3.0.2, to fix a SQL injection flaw.  This flaw is in all previous versions of the codebase according to reports, which means that if you are running Wordpress, you must update.  This exploit is possible with author-level permissions but personally I would not depend on this to protect myself.  More information is available here.


Dec 2nd 2010
FYI, Wordpress is now at version 3.0.3 to fix issues in the XML-RPC remote publishing interface which under certain circumstances allowed Author- and Contributor-level users to improperly edit, publish or delete posts (