Comments on: wp-pass Redirect Vulnerability

By: How many times do I have to tell you? My wp-pass.php is patched!! | mou.me.uk

Wed, 13 Feb 2008 00:18:27 +0000

[...] been stopped by the fact I update my WordPress install regularly. The common trick is using the wp-pass.php vulnerability, which was apparently fixed in wp 2.2.2. Basically, my logs show a 404 from this [...]

By: SEO Cybernautix

SEO Cybernautix — Wed, 10 Oct 2007 16:35:35 +0000

Checking the server logs recently on one of my blogs showed me that this kind of attack is happening occasionally. I keep up to date and now running WP 2.2.3 and it gets declined and just get a 406 error.

By: Recommended site for WordPress security

Recommended site for WordPress security — Thu, 19 Jul 2007 12:17:16 +0000

[...] wp-pass.php redirection [...]

By: Abel Cheung

Abel Cheung — Wed, 18 Jul 2007 17:47:24 +0000

2 weeks are over, and no sign of any sort of fix landing in the repository. All WordPress people did for 2.2 branch is to bump PHP requirement from 4.1 to 4,2, fix glitch when removing link and adding new configuration option, and add some check of post content type.

Some preliminary check shows that not only the freely downloadable code base is vulnerable, but http://*.wordpress.com/ as well. Uhh…. this can be either good or bad depending on POV.

By: WordPress: Más vulnerabilidades de inyección de SQL en Buayacorp - Diseño y Programación

Fri, 13 Jul 2007 04:42:57 +0000

[...] que en estos días ando algo ocupado y sin muchas ideas para publicar, aprovecharé la oleada de reportes de seguridad en WordPress para comentar algunos bugs que todavía no están corregidos en la [...]

By: Start the Clock on WP 2.2.2 « Geof’s Relentless Kvetching About WordPress

Tue, 10 Jul 2007 14:05:27 +0000

[...] the Clock on WP 2.2.2 July 9th, 2007 There’s a vulnerability in WP 2.2.1. BlogSecurity is who brought it to my attention. After being burned by vulnerabilities before—and having gotten absolutely slammed over the [...]

By: Monoclipsian » Blog Archive » wp-pass Redirect Vulnerability: Possible Fix

Sun, 08 Jul 2007 05:23:00 +0000

[...] If you read about Wordpress bugs, you have probably seen the alert about wp-pass. In this post we’ll discuss a possible fix, that may help some people out. The vulnerability is present in version 2.2.1, so this fix will probably hold you over until 2.2.2 is released. You can read more on this over at BlogSecurity. [...]

By: pagvac

pagvac — Sat, 07 Jul 2007 12:41:46 +0000

There is also a very nasty cross-domain redirect on the latest version of Wordpress. I contacted security [ at ] wordpress.org about a week ago but no response yet :(

I will pass the details to David Kierznowski so we can post them @ blogsecurity.net

By: Del.icio.us bookmarks: Juni 30th - Juli 6th | Bloganbieter.de Blog

Del.icio.us bookmarks: Juni 30th - Juli 6th | Bloganbieter.de Blog — Sat, 07 Jul 2007 11:15:53 +0000

[...] BlogSecurity » wp-pass Redirect Vulnerability – [...]

By: Daniel

Daniel — Fri, 06 Jul 2007 11:10:27 +0000

Exciting times ahead maybe?