«
»

WP 2.2.2 and Theme Vulnerabilities

As you may have noticed, the fine folks at WordPress have released WP v2.2.2 into the (deuces) wild. I have taken the unusual step of upgrading RMFO-Blogs users first, rather than RMFO-Pro users. Why? Simply put, RMFO-Blogs has been getting hammered because of some Cross-Site Scripting Vulnerabilities in themes. As a result of these vulnerabilities, I made use of the WordPress scanner at BlogSecurity.net to check all activated themes as I did the upgrades. If your theme was vulnerable, I moved you to the WordPress Default theme for the time being.

There is a discussion topic on the Rumor Forum on how to fix your themes. I’m happy to help you do it, but I didn’t have time to do the fixes while trying to secure the server. Having a secure server was far more important to me than having everyone’s theme look pretty today.

2117 CDT: All RMFO-Pro users are now up-to-date.

This entry was posted on Monday, August 6th, 2007 at 2:36 pm and is filed under Site Announcements. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “WP 2.2.2 and Theme Vulnerabilities”

  1. Chris Hubbs says:
    8/6/2007 at 3:27 pm

    Having a secure server was far more important to me than having everyone’s theme look pretty today.

    I, for one, approve of this choice.

    Like my approval means anything. ;-)

  2. Kathleen says:
    8/6/2007 at 7:45 pm

    I tried to follow the link to read the discussion topic on the forum… but it was off limits to me.

  3. Geof F. Morris says:
    8/6/2007 at 9:19 pm

    I’ll fix that for you, Kathleen.

  4. Kathleen says:
    8/6/2007 at 10:44 pm

    Danke!

Leave a Reply