ATTN: WP users with version 2.1.1!!!

  • X37375787
    • Jul 2026

    #1

    ATTN: WP users with version 2.1.1!!!

    Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

    Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

    It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
    Source

    Upgrade to 2.1.2 immediately!
  • X37375787

    #2
    Direct download link from wordpress.org


    • TexasDreams
      former Miserable Admin :)
      • Oct 2003
      • 4700

      #3
      Oy vey! Bump for people that need to quickly upgrade.
      ICQ: 168-914-369 >>> sysop [at] TexasDreams [dot] com


      • polle54
        Confirmed User
        • Jul 2004
        • 4626

        #4
        Pretty critical, good someone found out about this pretty quick.
        ICQ# 143561781


        • martinsc
          Too lazy to set a custom title
          • Jun 2005
          • 27047

          #5
          ouch
          Make Money


          • Sosa
            In Tushy Land
            • Oct 2002
            • 40149

            #6
            2.1 is still OK from what I see? Just 2.1.1 is bad?


            • RawAlex
              So Fucking Banned
              • Oct 2003
              • 9465

              #7
              Only some 2.1.1 are bad. I downloaded it the day it came out, and the one I have is fine (no holes outside of the normal). This would appear to apply mostly if you have downloaded in the last few days.

              To be on the safe side, just upgrade. It takes a very few minutes.


              • X37375787

                #8
                bumpsicles
