A new version of WordPress has been released after a vulnerability was discovered in Snoopy, the PHP class that popular blogging platform uses to fetch the feeds shown in the Dashboard. The vulnerability in Snoopy can be exploited by malicious people to inject arbitrary shell commands via a script calling the “fetch()” or “submit()” function with an URL controlled by the attacker.
WordPress 2.6.3 fixes the Snoopy vulnerability and you can download it from here. Well, if you don’t want to download and upload the whole package of WordPress 2.6.3, you can download the two changed files (wp-includes/class-snoopy.php and wp-includes/version.php) and copy them over your WordPress 2.6.2 installation.
When upgrading WordPress, personally I prefer to upload only the changed files. Because it saves time. What about you? The security fix in WordPress 2.6.3 is not so serious. Still you should upgrade and the quickest way to do so is use the two files that I mentioned above.
Subscribe via RSS
Connect via Twitter
Thanks for the heads up. Sounds like a pretty important update to install right away. Next on my to-do list now.
I was waitting the newest edition of wp. And now the day has come,cihui……..
Thanks EarnBlogger. Updating only the changed files really saves a hell lot of time and unnecessary mess.