Jun 21, 2007
WordPress 2.2.1
WordPress 2.2.1 has been released, which includes many fixes for bugs that sprung up, and most importantly of all, fixes a few rather major security holes:
- Remote shell injection in PHPMailer, which was basically something not wrapped in
escapeshellarg(). Unfortunately, PHPMailer seems to be no longer maintained, so looks like WordPress is going to have to maintain it, or switch to another library. - Remote SQL injection in our XML-RPC implementation.
- An unescaped attribute in Kubrick’s
functions.php.
As always, it’s recommended you download it now.
No Comments, Comment or Ping
Reply to “WordPress 2.2.1”