I retired from personal blogging in July 2008.
But you can find me over at http://blog.xero.com.

Hacked!
Posted by rod@drury.net.nz in Blogging, WordPress at 6:51 pm on Friday, 7 March 2008

Or something else nasty happened. Maybe WordPress was exploited.

You may have noticed I’ve been quiet for a few days but my WordPress site was crippled by some nasties.

There were hidden messages, pages deleted, links added in, couldn’t post. Horrible.

My regular WordPress dude has moved to Oz and I couldn’t even write a post to ask for help.

Siggy recommended local WordPress wiz Miraz who came in like a guardian angel and sorted me out. Thank you so much.

I’m now up to WordPress 2.3.3 (editor still doesn’t work in Safari).

Lots happening, posting flurry coming.

Comments(4)

    Comment by M Freitas at 8:41 am on 8 March 2008

    It’s a jungle out there…

    But do you really need THREE captchas?




    Comment by Rod at 9:50 am on 8 March 2008

    Whoops. Sorry.




    Comment by Mike at 11:07 pm on 18 March 2008

    Looks like the vulnerabilities are still there, latest hole exposed.

    WordPress — WordPress
    Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.

    Reference:- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1304

    Just an app not written with security and safety of the user in mind. Look for patches from WordPress.

    No means listed to mitigate the risk

    Regards Mike




    Comment by Nic Wise at 6:20 am on 30 March 2008

    WordPress 2.5 is out, too - more Safari friendly, I’m told. Mine is updating now.

    http://wordpress.org/development/2008/03/wordpress-25-brecker/