Comments on: WP 2.3.3 does not close injection spam loophole

By: ScottS-M

ScottS-M — Mon, 17 Mar 2008 16:07:43 +0000

Cookie hijacking is different than they were using before wasn’t it? Funny they’d go through the trouble of getting that and then fall back to the same sort of spam as before.

By: Aziz Poonawalla

Aziz Poonawalla — Mon, 17 Mar 2008 11:31:59 +0000

I upgraded that blog the day of the 2.3.3 release, because I’d been hit before. So merely upgrading the blog doesn’t remove the vulnerability?

I am going ahead and changing the passwords. Thats probably best practice anyway.

By: Donncha O Caoimh

Donncha O Caoimh — Mon, 17 Mar 2008 09:48:58 +0000

I think your blog was probably attacked before you upgraded and the hackers got your login cookie using some Javascript. Best thing to do is change your password!