
Prevent a WordPress Vulnerability Exploit – Upgrade to 2.6.2

Are you running a WordPress site? Do you allow user registration on it? If you do, you might want to upgrade your site or sites to the latest WordPress release, which is 2.6.2. There is a vulnerability in WordPress versions prior to 2.6.2. It affects you, however, only if you allow users to register on your WordPress site.

What vulnerability? Well, the person who disclosed it, Stefan Esser, calls it the SQL Column Truncation Vulnerability. What is it? In plain English, it lets the bad people change (in effect, reset) the passwords of other existing users in the system.

The bad people will still not be able to log into the system as those other users, though. The new password is unknown to them, since it was randomly generated. However, it can still be broken with a little more effort, because there is also a weakness in how that random password is generated.

What this does, in practice, is annoy your users: they will have to reset their passwords after the bad people have changed them. So, if you don’t want your registered users and customers to be annoyed silly by people who go around changing passwords, I recommend that you upgrade your WordPress installation to 2.6.2.

Do note that the SQL Column Truncation Vulnerability affects any application that uses MySQL as its backend database, not just WordPress. Check with your application vendor whether your other software is affected.
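To show why the bug is a MySQL problem rather than a WordPress-only one, here is an added example (not code from the original post or from WordPress) that models the column behaviour behind a SQL column truncation bug and puts a hardened registration check next to the naive one. The column width, the in-memory user table and the sample input are all constructed for the demo.

```python
"""Added example: models MySQL's non-strict VARCHAR truncation and shows a
registration check that is safe against it. Not WordPress code; column width
and user table are constructed."""
from typing import Tuple

USER_LOGIN_WIDTH = 60  # assumed VARCHAR width of the login column (constructed)


def stored_form(value: str, width: int = USER_LOGIN_WIDTH) -> str:
    """Model of what a MySQL VARCHAR(width) column keeps when strict mode
    (sql_mode STRICT_TRANS_TABLES) is off: the value is silently cut to
    `width` characters, and trailing spaces are ignored in comparisons
    (PAD SPACE collation semantics)."""
    return value[:width].rstrip(" ")


def naive_is_available(users: set, login: str) -> bool:
    """Vulnerable pattern: uniqueness is decided on the raw input, while the
    database stores the truncated value, so the two checks can disagree."""
    return login not in users


def hardened_validate(users: set, login: str) -> Tuple[bool, str]:
    """Reject any login that the column would not store verbatim, then check
    availability on the canonical (stored) form. Returns (ok, reason)."""
    canonical = stored_form(login)
    if login != canonical:
        return False, "login would be altered by column storage (too long or padded)"
    if canonical in users:
        return False, "login already taken"
    return True, "ok"


if __name__ == "__main__":
    existing = {"alice"}  # constructed user table
    # Constructed input: an existing login padded out past the column width.
    padded = "alice" + " " * (USER_LOGIN_WIDTH - len("alice")) + "z"
    print(naive_is_available(existing, padded))   # True, yet it collides once stored
    print(stored_form(padded) == "alice")          # True
    print(hardened_validate(existing, padded))     # (False, '... too long or padded')
```

Enabling strict SQL mode on the server turns the silent cut into an error, but the application-side length and whitespace check above is the part you control regardless of the database configuration.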