WordPress 2.6.3 Released

All in One SEO Pack Pro Version

     WordPress 2.6.3 was just released.  A vulnerability has been discovered today in the Snoopy library, which is what WordPress uses to retrieve the external content in the Dashboard.  WordPress officially states that this is low risk, though they have released an immediate update with no warning.  Only wp-includes/class-snoopy.php and wp-includes/version.php have been changed.
  
  According to Secunia, any input passed to the “_httpsrequest()” function isn’t properly sanitised before being used in an “exec()” call.  This can be exploited to inject arbitrary shell commands via a script calling the “fetch()” or “submit()” function with an URL controlled by the attacker.

Written by WordPress Professional

Semper Fi Web Design is a SDVOSB (Service Disabled Veteran Owned Small Business)
© 2010. All Rights Reserved. Semper Fi Web Design   |  Legal  |  Forum Terms of Service