[ale] Wordpress Sites / Php Issues?

Simba simbalion-ale at tailpuff.net
Mon Aug 20 11:25:06 EDT 2018


The severity of this issue is being exaggerated in the article. It has
almost zero real-world potential.

It's being exaggerated because wanna-bes are constantly talking about
how insecure WordPress is (despite being the most commonly used web
software in existence), presumably because they think talking about that
will earn them credibility, but in fact the opposite happens.

To quote:

"After careful analysis and a review of available material, El Reg's
security desk has concluded claims of a "massive WordPress
vulnerability" are a load of tribble's testicles."



Simba Lion - https://tailpuff.net
https://keybase.io/simbalion

"Why is a raven like a writing desk?"

On 8/20/18 11:09 AM, DJ-Pfulio via Ale wrote:
> "WordPress hasn't issued a patch and we have no information about
> mitigation from the CMS vendor to go on either. During his presentation
> Thomas said that the "issue is only exposed to authenticated users...
> they are certainly not supposed to be able to execute [code]"."
> 
> https://www.theregister.co.uk/2018/08/20/php_unserialisation_wordpress_vuln/
> 
> Something seems to be up, but nobody has released a patch.
> Be aware.
> Be ready.
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> https://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
> 



More information about the Ale mailing list