Zero-Day WordPress Exploit? Probably Not

The blogosphere has been all a-Twitter about a WordPress security vulnerability. Known as the “” hack, it redirects blog hits with Google as the referrer to one of several spam sites.

According to Donncha O Caoimh of Automattic, this exploit took advantage of a vulnerability that has been fixed in the latest stable version of WordPress, 2.5.1. As he points out, although 2.5.1 sites have succumbed to the attack, the evidence so far is that they were compromised prior to being upgraded. O Caoimh has a thorough description of how to identify this hack, how to avoid hacks in general, and what to do to recover from a hack in general. If you manage a WordPress blog, you should read his post.

This topic has appeared in the WordPress bug tracker, on the support site, and a number of people have blogged about it.

Post a Comment

Your email is never published nor shared. Required fields are marked *