Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

MYSQL Injection Vulnerability in WordPress 3.0

Trying to figure out if anyone has any info on this...

4:24 pm on Nov 30, 2010 (gmt 0)

New User

5+ Year Member

joined:Nov 30, 2010
posts: 2
votes: 0

Hi all,

Am new to WebmasterWorld, so excuse me if this is in the wrong place. I am creating a new series of blogs for a client utilizing WP and am curious about WordPress 3.0 Multisite..I am sure that it would be efficient for my project(s) but we had a previous security issue with Multisite on a past project. We identified it as a rogue MYSQL injection and rather than search out the offensive code, we just took out Multisite. I have found other reports of this vulnerability but am trying to ascertain how common this is and if there are any fixes available.


6:52 pm on Dec 13, 2010 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 18, 2004
votes: 0

I am curious about this as well.
7:09 am on Jan 16, 2011 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member jab_creations is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 26, 2004
votes: 22

I cringe every time I see things posted like WordPress and innerHTML. I can't give you any existing software recommendations other then "not WordPress" as the code in WordPress is to put it in the most pleasant way possible, is ineffably atrocious. I wrote my own blog software according to my own high standards needs and haven't had any of the numerous problems that I had with WordPress; if you can't afford or have the time to develop your own blog software my best recommendation is to at least spend the time looking in to different blog software. I can tell you that if you do decide to move forward with WordPress and your clients decide they want plug-in A to work with theme B that you can expect insane bills to pay for the fixes to the mesh code.

- John