Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Wordpress 2.1.1 source backdoored SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Wordpress 2.1.1 source backdoored

The Wordpress development team has a notification up on their blog that version 2.1.1 of Wordpress has been compromised, and code was added which allows remote code execution. This happened during a user-level compromise of one of their servers.

While not all 2.1.1 downloads have been affected, they advise that everyone running this version should upgrade to version 2.1.2 immediately. This version is fully verified and is not backdoored.

By way of mitigation, hosting providers that are not aware of the Wordpress versions running across their user base may wish to block access to theme.php and feed.php with a query string of 'ix=' or 'iz='.

More information: Wordpress.org

Maarten

158 Posts
Mar 4th 2007

Sign Up for Free or Log In to start participating in the conversation!