News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
October 31, 2014, 08:56:38
Pages: 1 2 3 [4] 5 6   Go Down
  Print  
Topic: WordPress update available  (Read 29849 times)
0 Members and 1 Guest are viewing this topic.
« Reply #45 on: March 16, 2011, 20:15:24 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.1...
- http://wordpress.org/news/2011/02/threeone/
"... fourteenth release of WordPress is now available... Version 3.1 is available for download*, or you can update from within your dashboard..."

* http://wordpress.org/download/

- http://codex.wordpress.org/Changelog/3.1

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0701
Last revised: 03/15/2011

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #46 on: April 06, 2011, 02:55:58 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.1.1 released
- http://wordpress.org/download/
April 5, 2011 - "The latest stable release of WordPress (Version 3.1.1) is available..."

- http://wordpress.org/news/2011/04/wordpress-3-1-1/
April 5, 2011 - "... This maintenance and security release fixes almost thirty issues* in 3.1... We suggest you update to 3.1.1 promptly. Download 3.1.1 or update automatically from the Dashboard > Updates menu in your site’s admin area."

* http://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=3.1.1&group=resolution&order=priority
___

- http://www.securitytracker.com/id/1025299
Apr 6 2011

- http://secunia.com/advisories/44038/
Release Date: 2011-04-07
Criticality level: Moderately critical
Impact: Cross Site Scripting, DoS
Where: From remote...
Solution: Update to version 3.1.1.
Original Advisory: WordPress:
http://wordpress.org/news/2011/04/wordpress-3-1-1/

 Exclamation
« Last Edit: April 07, 2011, 04:11:09 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #47 on: April 26, 2011, 17:26:10 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.1.2 released
- http://wordpress.org/download/
April 26, 2011 - The latest stable release of WordPress (Version 3.1.2) is available... To download WordPress 3.1.2, update automatically from the
Dashboard > Updates menu in your site's admin area or visit
http://wordpress.org/download/release-archive/

- http://wordpress.org/news/2011/04/wordpress-3-1-2/
WordPress 3.1.2 is now available and is a security release for all previous WordPress versions. This release addresses a vulnerability that allowed Contributor-level users to improperly publish posts...

- http://codex.wordpress.org/Version_3.1.2

- http://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=3.1.2&group=resolution&order=priority

- http://secunia.com/advisories/44372/
Release Date: 2011-04-27
Impact: Security Bypass
Where: From remote
Solution: Update to version 3.1.2.

 Exclamation
« Last Edit: April 27, 2011, 03:31:28 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #48 on: May 19, 2011, 09:54:25 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress for iOS v2.8 released
- http://ios.wordpress.org/2011/05/18/big-update-wordpress-for-ios-2-8-available-today/
18 May 11

- http://translate.wordpress.org/projects/ios/dev

- http://ios.trac.wordpress.org/query?status=closed&group=resolution&milestone=2.8

- http://itunes.apple.com/us/app/wordpress/id335703880?mt=8
"... app is designed for both iPhone and iPad."

.
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #49 on: May 26, 2011, 09:50:36 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.1.3 released
- http://wordpress.org/download/
May 25, 2011 - "The latest stable release of WordPress (Version 3.1.3) is available..."

- http://www.securitytracker.com/id/1025571
May 26 2011 - "... prior to 3.1.3"

- http://secunia.com/advisories/44409/
Last Update: 2011-05-27
Criticality level: Moderately critical
Impact: Cross Site Scripting, Exposure of system information, System access
Where: From remote
Solution: Update to version 3.1.3...

- http://wordpress.org/news/2011/05/wordpress-3-1-3/
"WordPress 3.1.3 is available now and is a security update for all previous versions..."

- http://codex.wordpress.org/Version_3.1.3
"... To download WordPress 3.1.3, update automatically from the Dashboard > Updates menu in your site's admin area..."

- http://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=3.1.3&group=resolution&order=priority

 Exclamation
« Last Edit: May 30, 2011, 12:58:23 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #50 on: June 23, 2011, 07:34:37 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress WPtouch Plugin - Backdoor Security Issue
- http://secunia.com/advisories/45005/
Release Date: 2011-06-23
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
... compromised source files were distributed on June 21st, 2011 and possibly prior.
Solution: Update to version 1.9.29.
Original Advisory: http://wordpress.org/news/2011/06/passwords-reset/

WordPress W3 Total Cache Plugin - Backdoor Security Issue
- http://secunia.com/advisories/45021/
Release Date: 2011-06-23
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
... compromised source files were distributed on June 21st, 2011 and possibly prior.
Solution: Manually install version 0.9.2.3 downloaded after June 21st, 2011.
Original Advisory: http://wordpress.org/news/2011/06/passwords-reset/

WordPress AddThis Plugin - Backdoor Security Issue
- http://secunia.com/advisories/45027/
Release Date: 2011-06-23
Criticality level: Highly critical
Impact: System access
Where: From remote ...
Solution Status: Vendor Patch ...
... compromised source files were distributed on June 21st, 2011 and possibly prior.
Solution: Manually install version 2.2.0 downloaded after June 21st, 2011.
Original Advisory: http://wordpress.org/news/2011/06/passwords-reset/
___

>> http://nakedsecurity.sophos.com/2011/06/22/wordpress-plugins-trojanised-spotted-fixed/
June 22, 2011

 Exclamation Exclamation Exclamation
« Last Edit: June 24, 2011, 04:25:05 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #51 on: June 30, 2011, 05:17:50 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.1.4 released
- http://wordpress.org/download/
June 29, 2011 - "The latest stable release of WordPress (Version 3.1.4) is available..."

- http://wordpress.org/news/2011/06/wordpress-3-1-4/
June 29, 2011 - "WordPress 3.1.4 is available now and is a maintenance and security update for all previous versions. This release fixes an issue that could allow a malicious Editor-level user to gain further access to the site..."

- http://codex.wordpress.org/Version_3.1.4
___

- http://www.securitytracker.com/id/1025737
Jun 30 2011
... prior to 3.1.4...

 Exclamation Exclamation
« Last Edit: July 01, 2011, 04:21:02 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #52 on: July 05, 2011, 10:55:33 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.2 released
- http://wordpress.org/download/
July 4, 2011 - "The latest stable release of WordPress (Version 3.2) is available..."

- http://wordpress.org/news/2011/07/gershwin/
"... The focus for this release was making WordPress faster and lighter... refreshed dashboard design that tightens the typography, design, and code behind the admin... Under the hood there have been a number of improvements, not the least of which is the streamlining enabled by our previously announced plan of retiring support for PHP4, older versions of MySQL, and legacy browsers like IE6, which allows us to take advantage of more features enabled by new technologies..."

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #53 on: August 04, 2011, 04:55:27 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress add-on application vulnerability

TimThumb v1.34 released
- http://secunia.com/advisories/45416/
Last Update: 2011-08-04
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... The weakness is reported in versions prior to 1.34.
Solution: Update to version 1.34...

> http://www.binarymoon.co.uk/projects/timthumb/
TimThumb PHP Image Resizer - "... use across the WordPress world..."
___

- https://www.us-cert.gov/current/#wordpress_themes_vulnerability
August 3, 2011

- http://blog.sucuri.net/2011/08/timthumb-security-vulnerability-list-of-themes-including-it.html
August 3, 2011

 Exclamation
« Last Edit: August 08, 2011, 15:09:27 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #54 on: November 03, 2011, 13:55:28 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



This is a "bump", because of this:

> https://blog.avast.com/2011/10/31/following-wordpress-into-a-blackhole/
October 31st, 2011 - "... The bad guys are using a security vulnerability in non-updated TimThumb. This allows attackers to upload and execute arbitrary PHP code in the TimThumb cache directory which will download other malicious files. But this is not the only way for example they use stolen passwords to direct FTP changes..."

- http://h-online.com/-1370897
3 November 2011 - "... criminals are exploiting a critical hole in the TimThumb WordPress add-on to deploy malicious code on a large scale. Avast says that it blocked more than 2,500 infected sites in September and anticipates a similar number in October. The attackers install the professional BlackHole exploit framework on the affected servers. The framework then tries to infect visitors to the WordPress blog with malicious code by trying out various vulnerabilities in the visitor's browser and installed plug-ins..."

- http://blog.sucuri.net/2011/10/timthumb-php-mass-infection-aftermath-part-i.html
October 28, 2011
You can check your site for -FREE- here: http://sitecheck.sucuri.net/scanner/
___

TimThumb v1.34 released
- http://secunia.com/advisories/45416/
Last Update: 2011-08-04
Criticality level: Highly critical
Impact: Security Bypass, System access
Where: From remote
... The weakness is reported in versions prior to 1.34.
Solution: Update to version 1.34...

> https://www.us-cert.gov/current/archive/2011/08/03/archive.html#wordpress_themes_vulnerability
August 3, 2011

 Sad
« Last Edit: November 03, 2011, 14:23:42 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #55 on: December 13, 2011, 21:12:29 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.3 released
- https://wordpress.org/download/
December 12, 2011 Stable Download - "The latest stable release of WordPress (Version 3.3) is available ..."

- https://wordpress.org/news/2011/12/sonny/

Changelog/3.3
- https://codex.wordpress.org/Changelog/3.3

- https://codex.wordpress.org/Version_3.3

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #56 on: December 29, 2011, 09:38:02 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress Connections plugin vuln - updates available
- https://secunia.com/advisories/47390/
Release Date: 2011-12-29
Criticality level: Moderately critical
Impact:   Unknown
Where: From remote...
Solution... Connections Changelog:
http://wordpress.org/extend/plugins/connections/changelog/
Latest: 0.7.2.2 - 12/25/11
0.7.1.6 - 06/15/2011 > Fixes security vulnerability
Requires: 3.2 or higher
Compatible up to: 3.3
Last Updated: 2011-12-26

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #57 on: January 04, 2012, 11:20:08 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.3.1 released
- https://wordpress.org/download/
January 3, 2012 - "The latest stable release of WordPress (Version 3.3.1) is available..."

WordPress 3.3.1 Security and Maintenance Release
- https://wordpress.org/news/2012/01/wordpress-3-3-1/
January 3, 2012 - "This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3..."

- https://core.trac.wordpress.org/query?status=closed&resolution=fixed&milestone=3.3.1&group=resolution&order=priority
___

- http://h-online.com/-1403297
4 January 2012
___

- http://www.securitytracker.com/id/1026542
CVE Reference: CVE-2012-0287
Date: Jan 19 2012
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Version(s): 3.3
Solution: The vendor has issued a fix (3.3.1)...

 Exclamation
« Last Edit: January 23, 2012, 06:19:48 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #58 on: April 21, 2012, 07:46:22 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.3.2 released
- https://wordpress.org/download/
April 20, 2012 - "The latest stable release of WordPress (Version 3.3.2) is available..."

- https://wordpress.org/news/2012/04/wordpress-3-3-2/
April 20, 2012 - "WordPress 3.3.2 is available now and is a security update for -all- previous versions. Three external libraries included in WordPress received security updates:
> Plupload (version 1.5.4), which WordPress uses for uploading media.
> SWFUpload, which WordPress previously used for uploading media, and may still be in use by plugins.
> SWFObject, which WordPress previously used to embed Flash content, and may still be in use by plugins and themes...
... also addresses:
> Limited privilege escalation where a site administrator could deactivate network-wide plugins when running a WordPress network under particular circumstances...
> Cross-site scripting vulnerability when making URLs clickable...
> Cross-site scripting vulnerabilities in redirects after posting comments in older browsers, and when filtering URLs...
These issues were fixed by the WordPress core security team. Five other bugs were also fixed in version 3.3.2..."

Changelog:
- https://core.trac.wordpress.org/log/branches/3.3?rev=20552&stop_rev=20087
___

- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2399 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2400 - 10.0 (HIGH)
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2401 - 5.0
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2402 - 5.5
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2403 - 4.3
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2404 - 4.3
Last revised: 04/23/2012 - "... WordPress before 3.3.2..."

- http://h-online.com/-1545416
23 April 2012

- https://secunia.com/advisories/48957/
Release Date: 2012-04-23
Criticality level: Moderately critical
Impact: Security Bypass, Cross Site Scripting
Where: From remote
... vulnerabilities are reported in versions prior to 3.3.2.
Solution: Update to version 3.3.2.

 Exclamation Exclamation
« Last Edit: April 23, 2012, 10:50:35 by AplusWebMaster » Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
« Reply #59 on: June 14, 2012, 06:46:35 »
AplusWebMaster Offline
Global Moderator WWW

Karma: 501
Posts: 8367



FYI...

WordPress v3.4 released
- https://wordpress.org/download/
June 13, 2012 - "The latest stable release of WordPress (Version 3.4) is available..."

- https://wordpress.org/news/2012/06/green/

- https://codex.wordpress.org/Version_3.4

 Exclamation
Logged

This machine has no brain.
....... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
 
Pages: 1 2 3 [4] 5 6   Go Up
  Print  
 
Jump to:  

Powered by SMF 1.1.20 | SMF © 2013, Simple Machines Page created in 2.841 seconds with 19 queries.