Worm attacks WordPress blog software

By Justin Mann on
Serving as a stern reminder of why it's important to keep desktop as well as server software up to date, a new worm can reportedly infect certain versions of the WordPress blog software. WordPress announced the discovery today, saying that a security bug which has already been fixed is now being exploited in the wild.

The worm is able to attack versions of WordPress prior to 2.8.4 and its immediate predecessor. Version 2.8.4 was released in early August to specifically address this flaw, which results in a password reset of WordPress accounts and allows someone to take control of the admin account. Doing so would give the person access to further information, as well as the ability to wreak havoc on the blog itself.

Though the vulnerability was initially published several weeks ago, this is the first report of malware specifically identifying and trying to exploit it. The WordPress developer is concerned that many servers are still running old versions, which puts them at risk. If you're maintaining a WordPress server that's behind on updates, consider this a heads up.
