March 3rd, 2007
WordPress
If you haven’t seen your dashboard, or caught this in an email, it’s imperative that you read up and take action. From Matt on the dev blog:
Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.
This is a serious situation, and one not to be taken lightly. For those new to WordPress, you may want to read over the codex page on how to upgrade.
If you have any questions, you should visit the support forums, or feel free to contact me about the process.
August 15th, 2006
Skippy reported in the WP forums that a security vulnerability had been found in the database back-up plugin. Subsequently, in the same thread, he posted back with a fix that had been “cooked up” by Ryan. At root, the plugin had a “directory traversal vulnerability” that could be exploited by someone with admin privileges. Of course, no one should be giving admin privileges to someone they don’t trust.
That said, an updated version can be downloaded here.
Kudos to Skippy for bringing this public as soon as he was aware, and kudos to the team for getting a quick fix to a popular plugin that’s bundled with the download.
Though many are capable of doing manual backups, the automatic backup is a handy feature, and one that can easily save some headache and time for those that have multiple blogs, or are just plain lazy like this blogger.
June 2nd, 2006
A lot of people have already posted, but in case you missed it, WP has been bumped up to 2.0.3. Mostly a security and bug fix release, it turns out to come with a few new bugs as well. Rather than patch some files, the talented Mark Jaquith has created a plugin specifically for 2.0.3 to fix the bugs. So while updating, go over to his site and grab the plugin, and avoid any hassles down the road.
The next release (assuming nothing else is broken in 2.0.3) will be 2.1, and is shaping up to be an interesting release. I’m really looking forward to the new way bookmarks are handled (including importing an OPML file as your bookmarks), as well as the ability to stick a page to the front, and designate another as your “blog” page. Several other “under the hood” concepts have been added, which should open up even more for plugin authors.