An older vulnerability that got ignored in 2007 is showing up again.
According to Acunetix’s Bogdan Calin, this particular vulnerability is exploitable through the platform’s XMLRPC API (through XMLRPC.PHP). Attackers could try and guess hosts inside each network they target, port scan those hosts, reconfigure internal routers and launch large scale DDoS attacks.
From the details it doesn’t sound extremely dangerous, but something that should be fixed sooner rather than later. You can bet that we will see WordPress 3.5.1 pretty darned soon!
Be First to Comment