WordPress Wednesday: WordPress Vulnerability in 2.0.5 Downwards

Techtites Daily: WordPress Wednesday

This is a different kind of WordPress tip, but a highly essential one. A little towards the end of last year, David Kierznowski discovered a minor security flaw, a flaw nonetheless in WordPress version 2.0.5. It is possible that all lower versions are affected as well.

It was notified to the WordPress team and Mark Jaquith was quick to respond with a fix.

However, there has been no public announcement of the vulnerability and a fix as well from the WordPress team, which is not only shocking but also extremely irresponsible on their part.
I do understand the reason of wanting to keep this all hush-hush would be to get out a release in time. But, something like this is bound to spill and it has. v2.0.6 is said to be not vulnerable, but that isn’t out yet!

Instead of getting a patch ready ASAP, the change has been made in the Trac system, which is beyond any non-programmer.

To get your installation patched open up templates.php in wp-admin.
Goto Line 114 and replace the entire line with:
echo "<li><a href='templates.php?file=" . attribute_escape($recent) . "'>" . wp_specialchars(get_file_description(basename($recent))) . "</a></li>";

I’m not sure if this is the exact fix because I get a Call to undefined function: attribute_escape() . I can’t edit any files out there. But, I believe I won’t be hacked ;)

Now to wait for 2.0.6 which I guess should be coming really soon.

Comments (5)
  1. Rishi January 3, 2007
  2. Mark Jaquith January 5, 2007
  3. Ajay January 5, 2007
  4. Mark Jaquith January 5, 2007
  5. Ajay January 5, 2007

Leave a Reply

%d bloggers like this: