Remote Code Execution Vulnerability Hits Automattic's .Org WordPress Fork

A remote code execution vulnerability for the .Org WordPress fork has been reported (archived). At the core of this issue is Auttomattic's refusal to have their software do any sort of checking when comments are involved, a flaw which has left the bulk of WordPress blogs open to being used as DDoS participants. Because why would they fix structural problems? Why fix the grave structural problems making the software a public nuissance, when they can wait and patch particular problems only as they are exploited?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>