Security Alert – WordPress 2.8.5 and below

- Release date: November 11th, 2009
- Discovered by: Dawid Golunski
- Severity: Moderately High

Problem: WordPress versions 2.8.5 and below allow unrestricted file uploads and arbitrary PHP code execution.

Impact: A hacker can upload scripts that run on the server and can view website source code, which could expose passwords and in turn give access to databases.

Versions Affected: Very possibly all versions of WordPress, including the current hardened stable release 2.8.5 and beta versions.

Solutions:

This is fixed in version 2.8.6; make sure you are running the latest version.
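One way to check hosted installs against the fixed release, as an added example that is not part of the original advisory. It assumes WordPress records its release string as `$wp_version` in `wp-includes/version.php`; the function names, the scan root passed to `audit`, and the choice to report pre-release builds as "review" are assumptions of this example.

```python
import re
from pathlib import Path

FIXED = (2, 8, 6)  # first fixed release according to the advisory

# wp-includes/version.php sets the release as: $wp_version = '2.8.5';
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]""", re.M)

def parse_version(php_source):
    """Return ((major, minor, patch), suffix) from version.php source, or None."""
    m = VERSION_RE.search(php_source)
    if not m:
        return None
    num = re.match(r"\d+(?:\.\d+)*", m.group(1))
    if not num:
        return None
    parts = [int(p) for p in num.group(0).split(".")]
    parts += [0] * (3 - len(parts))  # "2.8" compares as 2.8.0
    return tuple(parts[:3]), m.group(1)[num.end():]

def classify(php_source):
    """Return 'vulnerable', 'review', 'ok', or 'unknown' if unparsable."""
    parsed = parse_version(php_source)
    if parsed is None:
        return "unknown"
    numeric, suffix = parsed
    # Compare as integers: a string compare would rank "2.0.11" above "2.0.2".
    if numeric < FIXED:
        return "vulnerable"
    # The advisory lists beta versions as possibly affected, so a pre-release
    # string is never reported as fixed on its number alone.
    return "review" if suffix else "ok"

def audit(root):
    """Classify every WordPress install found below root (assumed scan path)."""
    results = {}
    for vfile in Path(root).rglob("wp-includes/version.php"):
        src = vfile.read_text(errors="replace")
        results[str(vfile.parent.parent)] = classify(src)
    return results

if __name__ == "__main__":
    # Constructed sample version.php bodies, not taken from real sites.
    for v in ("2.8.5", "2.8", "2.9-beta-1", "2.8.6"):
        print(v, classify("<?php\n$wp_version = '%s';\n" % v))
```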

LEGAL NOTICES
-------------
The information contained within this advisory is supplied “as-is” with no warranties or guarantees of fitness of
use or otherwise. I accept no responsibility for any damage caused by the use or misuse of this information.
