[ALUG] Bug in WordPress 3.7.2 and 3.8.2. bypass authentication
ta at geuka.net
Wed Apr 23 10:14:01 EAT 2014
In the popular blog/CMS software WordPress, two bugs have been found:
The first bug is within the files "wp-admin/includes/post.php" and
"wp-admin/includes/class-wp-posts-list-table.php" making it possible to
publish postings without authorisation.
The second is found in the "wp_validate_auth_cookie()" function in file:
"wp-includes/pluggable.php" which enables an attacker to bypass the
cookie based authentication system.
http://www.securitytracker.com/id/1030071
WordPress has already released an update fixing these bugs. Update as soon as
possible.