Security Flaws Found in WordPress Setup
Because the flaws are in an installation script, WordPress claims there's very little risk of their being exploited.
Researchers have uncovered several vulnerabilities in the default WordPress installation page.
"The flaws were found by researchers at TrustWave's SpiderLabs, and in their advisory on the WordPress bugs, they describe how attackers would be able to exploit them," writes Threatpost's Dennis Fisher. "In the advisory, the researchers also include code that can be used to demonstrate the problems."
"Officials from WordPress said that there is little risk of exploitation, so they will not be publishing patches for the vulnerabilities," Fisher writes.
Go to "Multiple Bugs Haunt WordPress Setup" to read the details.
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.