Thursday, June 21, 2007

WordPress Flaw

Wincent Colaiuta:

This flaw should never have crept into the code base; it’s an elementary SQL injection attack. And once in the code base, it should have been caught by review. But it didn’t get caught, and the WordPress team sat on the fix for nearly a month before advising people to upgrade; during just over two of those weeks an exploit was widely disseminated.

Comments

Stay up-to-date by subscribing to the Comments RSS Feed for this post.

Leave a Comment