There’s been too many WordPress vulnerabilities for my liking. Fortunately they seem to be quick to patch but software updates are always a pain. How long before everyone starts to adopt Chrome’s auto update feature?
Luckily, I’m a fan of the Open Source Vuln Database which makes staying on top of security updates that matter to you easy. Using the OSVDB is as simple as creating an account and search alerts for any software you’re interested in. Here’s what I recently received regarding WP:Osama, new or updated vulnerabilities that match your search watch list have been foundSEARCH ID: 14
Disclosure Date: Apr 26, 2011Description: WordPress fails to properly validate uploaded files, allowing a remote attacker to upload a .phtml file with an appended extension (such as .gif) to execute arbitrary PHP code.