I hope this post will serve as a warning to WordPress users regarding an exploit found in WordPress 2.0.5 and below which allows remote attackers to inject arbitrary web script or HTML via the file parameter and has been classified as a 7.0 (High) risk issue (Refer National Vulnerability Database).
This loophole is expected to be patched for WordPress 2.0.6 and apparently, those who are using WordPress 2.0.5 and below are exposed to the threat. It is advisable to patch the loophole by updating the template.php file in wp-admin. Please see the latest patch for patching purpose and make sure you back up your wordpress files before performing any updates.
You can get more details and updates of this threat from Operation n and
Technospot.net
Technorati Tags: security, wordpress loophole, exploit, patch
Pingback: Eches Blog » Wordpress 2.0.6 upgrade