Mashable reports that old versions of WordPress are being targeted by a worm using a vulnerability in the system. Matt Mullenweg writes on the official WordPress blog that
“This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.”
Once your system is compromised, the worm inserts links to malware and spam into old posts, which could get you removed from Google if they are not removed.
Update: lorelle.wordpress.com has a post detailing how to find out if you have been attacked and what to do in that case.
0 Responses
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.