是的,这意味着在2.0.4版本还没有发布之前,目前的所有版本都存在此严重安全漏洞。
目前发现的漏洞直接影响Wordpress的2.03及以下版本(包括1.5.x),此漏洞会造成任何已注册的评论者以Guest身份对系统造成严重的破坏。
如果你在用Wordpress的话,建议立即在option菜单中禁用“Anyone Can Register”选项。
同时也建议删除那些并没有发表评论却又成为subscriber(Guest)的用户,或者删除那些你并不认识的用户。
WordPress开发团队已经注意到此问题并希望能够尽快发布2.0.4版本来修复此安全漏洞。
Leaving it open and letting people sign-up for guest accounts on your WordPress blog could lead to incredibly nasty stuff happening if anybody so desired. And trust me I am not exaggerating this. So don’t wait a second to disable this option and please relay the message.
WordPress dev team has been notified a while back and I dare hope they will soon start acting on it, if only by relaying a similar announcement through the official channel (as well as, of course, releasing a proper patch).
消息来源:Dr Dave
Leave a Reply