Abe Olandres posted the warning in his blog, there is a security update for WordPress 220.127.116.11 if your web server runs register_globals = on in the PHP configuration.
What got my attention was the WordPress warning that “Perl and PHP code exist to automatically exploit vulnerable WP 18.104.22.168 sites.”
I was uploading files for a Serendipity installation for another Cybercafe experiment when I read the warning. I made a mental note to immediately perform the upgrade for my, my wife’s and our Newsletter Solutions blogs – all powered by WordPress.
But I encountered problems in the uploading of the files. I finally finished installing the Cybercafe test site at 5:30 a.m. and I was spent so I went to sleep without installing the fixes. I woke up close to noon and played with the kids. I checked my test site later in the afternoon and posted an entry (the time on the post is wrong, I forgot to enter a value to offset the US-based server time).
The security update slipped my mind because it was listed in one of my server-based wikis (I maintain two. As to why I maintain two server-based wikis, I’ll discuss in a much-delayed article on TiddlyWikis). The wikis hold my notes and tasks list and as much as possible, I do not open these on my dayoff.
I was finally able to apply the fixes early today.