on
July 27th 2006 at 7:57 am in Through Darknet I discovered that apparently a vulnerability has been found in WordPress that could allow evil people to do nasty stuff. Details remain vague though, but according to Dr Dave, one should disable the Anyone can register thingy in the Options of their weblog to prevent the vulnerability being exploited.
The details are kept vague to prevent other bad guys (the skidiots) to exploit it. Logically, a bugfix release of WordPress (2.0.4) would give the bad guys the same information [they can compare the old with the new code and see what has changed]. I understand that the release of 2.0.4 is pending until the users have all disabled the option.
I noticed someone registering today on my wordpress blog and I wanted to find some info about it. That is how I ended up here. Apparently there are still some exploits even for newest wordpress.