It seems there’s another update for WordPress 2.1.x users, and unfortunately this time it is a serious upgrade, because the WordPress 2.1.1 files have been tampered with by an unknown person. Here’s the story:
This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution. – Full Story
As always, if there’s a WordPress update, I always check the Mark Jaquith site first to see if he has already released the small upgrade pack files for WordPress or not (this is really handy for those who are using a slow connection, like myself for example), but this time he’s not releasing the small upgrade pack :P (by the look of this post).
Anyway, if you’re using WordPress 2.1.1, whether you got it from the first release of 2.1.1 or not, you should upgrade your WordPress installation to 2.1.2, because it already contains another fix for the recent XSS vulnerabilities in WP 2.1.1 (Ticket #3789) and some other fixes as well (Ticket #3759).