Hello,
i'm worried about the last security hole in the wordpress software. Is it working also on mu version?
Hello,
i'm worried about the last security hole in the wordpress software. Is it working also on mu version?
The recent news with the hacking attempts were on sites where people didn't upgrade.
ok, i know this.
Also on mu?
I've an installation of mu with some core code modified and an install of buddypress on it.
It's hard to me to update, may be easier to modify bugged function that's what i'm going to do if you confirm vulnerabilities also on mu.
thanks for quick reply!
I would also be very interested in this answer... Does anyone know if the hacking attempts work on MU installs with version < 2.8.4?
As far as I know, the bug exists on both MU and regular WordPress. Since so much code overlaps between WordPress and WordPress MU, you should always assume that any vulnerability in one exists in the other.
V. BUSINESS IMPACT
-------------------------
An attacker could exploit this vulnerability to compromise the admin
account of any wordpress/wordpress-mu <= 2.8.3
from: http://milw0rm.com/exploits/9410
mu is probably affected. Anyone known if blocking or changing reset password flow can avoid hacking attemps while planning for an upgrade?