Important Security fix on WordPress 2.5.1
A new WordPress release is just out on version 2.5.1 which fixes tons of bugs and a patch to a very important security vulnerability specifically if your blog is open to user registration. Those on WordPress is strongly encouraged to upgrade.
If you download the entire WordPress 2.5.1 release, you will be getting over 70 other fixes. This update focuses on fixing the most annoying bugs and improving performance. Here are some of the highlights:
- Performance improvements for the Dashboard, Write Post, and Edit Comments pages.
- Better performance for those who have many categories
- Media Uploader fixes
- An upgrade to TinyMCE 3.0.7
- Widget Administration fixes
- Various usability improvements
- Layout fixes for IE
Most importantly, a security fix is included in this update:
An attacker, who is able to register a specially crafted username on a WordPress 2.5 installation, is able to generate authentication cookies for other chosen accounts.
This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.
If a WordPress blog is configured to freely permit account creation, a remote attacker can gain WordPress-administrator access and then elevate this to arbitrary code execution as the web server user.
If you’ve just updated to WP 2.5, you need to get the update to fix this risky security hole.