Select Page

Are you running a WordPress site? Do you allow user registration on your WordPress site? If you do, you might want to upgrade to WordPress 2.6.2 today.

There is a vulnerability in WordPress versions prior to 2.6.2. This, however, affects you only if you allow user registrations into your WordPress site.

What vulnerability? Well, the person who disclosed the vulnerability, Stefan Esser, calls it the SQL Column Truncation Vulnerabilities.

What is it? In plain English, it allows them bad people to sort of modify passwords of other existing users in the system.

Them bad people will still not be able to get into the system as other users, though. The new password is still unknown to them as it was randomly generated. However, it is still breakable with a little more effort since there is also a weakness in how the random password was generated.

What this does is basically annoy your users as they will then have to reset their passwords since it’s been changed by the bad people. Thus, if you don’t want your registered users and customers to be annoyed silly by these bad people who go around changing user passwords, I recommend that you upgrade to¬†WordPress 2.6.2.

Upgrading a WordPress website is really not difficult. As such, there really is no reason for you not to upgrade. Especially if you run a business on your WordPress website.

Do note that the SQL Column Truncation Vulnerability affects all application using MySQL as the backend database. Verify with your app vendor about this.