Last month, we wrote "Get ready now for WordPress 2.9 and beyond". If you haven’t upgraded yet, then this article from the official WordPress blog site should serve as another warning.
The article is titled "How to Keep WordPress Secure", which I thought was very mildly titled considering its content. The article reported:
Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.
Matt, who posted the security release, further warned: “The only thing that I can promise will keep your blog secure today and in the future is upgrading.”
If that does not jolt you to upgrade, I don’t know what will.
You can read the full text of this WordPress security release here.
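Because the worm described above hides its account from the users page, a check for its traces has to read the database rows directly rather than trust the dashboard. The following is an added example, not code from the WordPress release or from this post: it audits a permalink structure and a user list for the signs the quote mentions. The tag allow-list, the idea that the hiding script sits in a profile field, and all sample rows are assumptions constructed for illustration.

```python
import re

# Structure tags treated as legitimate (assumed allow-list; extend for your site).
KNOWN_TAGS = {"%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%post_id%", "%postname%", "%category%", "%author%"}
TAG_RE = re.compile(r"%[a-z_]+%")
SAFE_LITERAL_RE = re.compile(r"[A-Za-z0-9/_.\-]*")

def permalink_is_suspicious(structure):
    """True if the value holds unknown tags or anything beyond plain path text."""
    if any(tag not in KNOWN_TAGS for tag in TAG_RE.findall(structure)):
        return True
    leftover = TAG_RE.sub("", structure)
    return SAFE_LITERAL_RE.fullmatch(leftover) is None

def audit_users(rows, expected_admins):
    """rows: dicts read straight from the database, not from the admin screen."""
    findings = []
    for row in rows:
        # The capabilities value is a PHP-serialized array keyed by role name.
        is_admin = '"administrator"' in row["capabilities"]
        if is_admin and row["user_login"] not in expected_admins:
            findings.append((row["user_login"], "unexpected administrator"))
        # Assumption: script used to hide the account is stored in a profile field.
        if "<script" in row["display_name"].lower():
            findings.append((row["user_login"], "script markup in profile field"))
    return findings

# Constructed sample rows standing in for wp_users joined with wp_usermeta.
SAMPLE_USERS = [
    {"user_login": "editor_in_chief", "display_name": "Site Owner",
     "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_login": "reader42", "display_name": "A Reader",
     "capabilities": 'a:1:{s:10:"subscriber";b:1;}'},
    {"user_login": "newuser781", "display_name": "<script>/* constructed */</script>",
     "capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]

if __name__ == "__main__":
    print(permalink_is_suspicious("/%year%/%monthnum%/%postname%/"))
    print(permalink_is_suspicious("/%postname%/${constructed_payload()}"))
    for login, reason in audit_users(SAMPLE_USERS, {"editor_in_chief"}):
        print(login, "->", reason)
```

Any finding means the site needs cleanup as well as the upgrade, since upgrading alone does not remove an account or content that was already planted.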
