Security - Exploits, KB, and Tickets
This page in response to *cough* a comment at the head of TRAC ticked #4973 (closed 5 months ago)
From: Daniel Cuthbert <firstname.lastname@example.org>
Date: Sep 13, 2007 3:05 PM
Subject: [WEB SECURITY] When the community takes action
Sigh, another Wordpress exploit and issue, no shock there!
Wordpress has a massive user-base, and it seems that the developers have little, or no, concept of any SDLC or basic secure development as every new release is met by a serious remote vulnerability that allows attackers to compromise the host blog in some form or manner.
In an ideal world, we'd see the lead developers saying they need help and asking the community for that help, but what happens when they don't?
I'm not saying become vigilantes or something, but something should be done to help projects like Wordpress act in a more socially responsible way.
- "Wordpress Script Insertion and SQL Injection Vulnerabilities" aka "Remote SQL Injection in WordPress and WordPress MU":
--bentrem 21:51, 4 February 2008 (UTC)