Jason spotted a very serious security issue in WordPress that does’t seem to have been addressed properly even though it was reported back in September of last year.
Although the issue does not affect blogs like this one where registration is disabled it does affect a lot of high profile blogs that allow user registration.
If you’re running a WordPress blog either disable the public registration or patch your install
If you don’t you’re just asking for a clever spammer to write a bot to pull all the info from your WP install
Jan 06
Recent Feedback