Blogs

Wordpress 2.9.2 security update

http://core.trac.wordpress.org/ticket/11922

Release overview:
http://core.trac.wordpress.org/query?
status=closed&group=resolution&order=priority&milestone=2.9.2&resolution
=fixed

"In add_menu_page(), the callback function gets hooked unconditionally.
$access_level is ignored."

It is recommended to update all versions of Wordpress to the newest
version, 2.9.2. Running version 2.9.1 or earlier should be treated as:

Wordpress 2.9.2 security update

http://core.trac.wordpress.org/ticket/11922

Release overview:
http://core.trac.wordpress.org/query?
status=closed&group=resolution&order=priority&milestone=2.9.2&resolution
=fixed

"In add_menu_page(), the callback function gets hooked unconditionally.
$access_level is ignored."

It is recommended to update all versions of Wordpress to the newest
version, 2.9.2. Running version 2.9.1 or earlier should be treated as:

Tabnabbing phishing attack

http://searchbliss-webmaster.blogspot.com/2010/05/tabnabbing-new-phishin...

Apparently, when you move to another tab in your web browser, the tab you were originally using can detect that it has lost focus.  A malicious website can take the opportunity to load new content in the tab, change its title and appear to be a different website.

When you return, if you try to login using your credentials, you could be handing them over to a malicious source.

Pages