Tag Archives: wordpress


今天WordPress更新到2.8.6,更新日志如下: Fixed an XSS vulnerability in Press This  (修正了press-this.php的XSS漏洞) Fixed issue with sanitizing uploaded file names that can be exploited in certain Apache configurations  (修正上传特殊文件名可能引起Apache溢出的漏洞) 改动的文件列表: wp-admin\press-……阅读全文

wordpress 2.8.5发布

■Fix for trackback DOS ■Removal of permalink_structure eval ■Remove some create_function() calls ■Disallow unfiltered uploads by default, even for admins. Enable it again with define(‘ALLOW_UNFILTERED_UPLOADS’, true); in wp-config.php ■Add extra escapes here and there for some backside cove……阅读全文

Wordpress 2.8.4 正式推送

今晚回来发现2.8.4开始通过后台推送了,到各个友链去看了看,基本上都是这条消息作为头条。 下面是官方的更新说明: Yesterday a vulnerability was discovered: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the……阅读全文