MYSQL Injection Vulnerability in WordPress 3.0

Forum Moderators: open

Message Too Old, No Replies

MYSQL Injection Vulnerability in WordPress 3.0

Trying to figure out if anyone has any info on this...

wordfiend84

4:24 pm on Nov 30, 2010 (gmt 0)

Hi all,

Am new to WebmasterWorld, so excuse me if this is in the wrong place. I am creating a new series of blogs for a client utilizing WP and am curious about WordPress 3.0 Multisite..I am sure that it would be efficient for my project(s) but we had a previous security issue with Multisite on a past project. We identified it as a rogue MYSQL injection and rather than search out the offensive code, we just took out Multisite. I have found other reports of this vulnerability but am trying to ascertain how common this is and if there are any fixes available.

Thanks,

Ashley

castar

6:52 pm on Dec 13, 2010 (gmt 0)

I am curious about this as well.

JAB Creations

7:09 am on Jan 16, 2011 (gmt 0)

I cringe every time I see things posted like WordPress and innerHTML. I can't give you any existing software recommendations other then "not WordPress" as the code in WordPress is to put it in the most pleasant way possible, is ineffably atrocious. I wrote my own blog software according to my own high standards needs and haven't had any of the numerous problems that I had with WordPress; if you can't afford or have the time to develop your own blog software my best recommendation is to at least spend the time looking in to different blog software. I can tell you that if you do decide to move forward with WordPress and your clients decide they want plug-in A to work with theme B that you can expect insane bills to pay for the fixes to the mesh code.

- John