It’s a Patchday (sort of)
Today they released a new WordPress version with a few security fixes in it. Because I don’t feel like upgrading I patched the holes myself; here is what you should fix if you use WordPress:
Look for that in wp-includes/class-phpmailer.php:
$sendmail = sprintf("%s -oi -f %s -t", $this->Sendmail, $this->Sender);
Those **** forgot to escape the shell argument; the string is handed to popen a few lines later. How stupid…? Here, however, is the fix:
$sendmail = sprintf("%s -oi -f %s -t",
$this->Sendmail, escapeshellarg($this->Sender));
Then once again the xmlrpc.php file. Either delete it or set up a cron job that downloads the most recent one automatically. They fix more escaping bugs than they actually announce…
And in the Kubrick theme (if you use it or a theme derived from it) there is an XSS hole: they don’t escape REQUEST_URI. Just replace
<?php echo $_SERVER['REQUEST_URI']; ?>
with
<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?>
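Both fixes side by side, as an added example that is not WordPress or PHPMailer code: the sendmail command is built as in the patched class-phpmailer.php but with the sender validated before it gets near popen(), and the Kubrick output uses htmlspecialchars() with ENT_QUOTES so single quotes are escaped too. The function names, the sample inputs and the assumption of PHP 7+ on a Unix host (escapeshellarg() behaves differently on Windows) are mine.

```php
<?php
// Added example, not code from the WordPress/PHPMailer patch.

// Build the sendmail command the way the patched class-phpmailer.php does,
// but refuse anything that is not a plain e-mail address first.
// escapeshellarg() is the last line of defence, not the first.
function build_sendmail_command(string $sendmailPath, string $sender): string
{
    // Rejects whitespace, ';' and most shell syntax. Characters like ' or $
    // are still legal in an address local part, so escapeshellarg() stays.
    if (filter_var($sender, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException("Refusing invalid sender: $sender");
    }
    // A leading '-' would be parsed by sendmail as an option; reject it too.
    if ($sender[0] === '-') {
        throw new InvalidArgumentException("Sender must not start with '-'");
    }
    return sprintf("%s -oi -f %s -t", $sendmailPath, escapeshellarg($sender));
}

// The Kubrick fix with ENT_QUOTES (bare htmlspecialchars() leaves single
// quotes alone before PHP 8.1) and an explicit charset.
function safe_request_uri(string $uri): string
{
    return htmlspecialchars($uri, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs for a demonstration run.
$good = 'webmaster@example.org';
$bad  = "webmaster@example.org'; id #";   // shell metacharacters smuggled in

echo build_sendmail_command('/usr/sbin/sendmail', $good), "\n";

try {
    build_sendmail_command('/usr/sbin/sendmail', $bad);
} catch (InvalidArgumentException $e) {
    echo "blocked: ", $e->getMessage(), "\n";
}

// Even with validation skipped, escapeshellarg() rewrites the embedded quote
// as '\'' so the whole value remains one argument to sendmail.
echo escapeshellarg($bad), "\n";

// The XSS side: the script tags and the quotes come out as entities.
echo safe_request_uri("/?q=<script>alert('x')</script>"), "\n";
```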
And the most interesting part about this update: security updates are marked as “minor”, a missing “<em>” is marked as major…
Update: they just inverted the colors… my fault