Serious flaw in WordPress 2.0.3 and below
For my blogging friends out there using WordPress, take serious note of this post from Darknet. Seems like all versions of WordPress below 2.0.3 are vulnerable (2.0.4 should be coming out very soon) to a flaw in the Subscriber functionality. If you require people to register before they can comment, then you need to make sure you turn off the “anyone can register” option and delete any subscribers you do not know personally or who have never posted or have not posted for a long time (personally, I don’t require people to subscribe to comment – you might consider either turning off comments or not requiring membership until 2.0.4 comes out).
In WordPress under the wp-admin page, go to Options and General. There is a Membership section where the choice is located. Uncheck and save, then wait for 2.0.4 and upgrade ASAP.
And don’t forget to back up before you upgrade. I use a plugin from here to back up.
Vet