I don’t post every time something upgrades, but the WordPress development blog says version 2.2.2 is being released.

This addresses 1 of the 7 security issues found on this page last week.

The one that is fixed is an XSS exploit that allows the attacker to execute remote commands (remote shell) with the privileges of your web server.

The example code given is:

/upload.php?style=%22%3E{shellcode}&tab=upload&post_id=-1337

BTW I love wordpress’s priority on this one of – OMG BBQ

#4689 (WordPress uploads.php Cross-Site Scripting Vulnerability) - WordPress Trac - Trac

A.D.D SIDENOTE – why does WordPress name every download latest.tar.gz and say it’s always the newest….

Actually I think it is up to date. If you look at the wp-includes/version.php file it says

$wp_version = '2.2.2';
$wp_db_version = 5183;

But when I upgraded it still shows:

Shoemoney - Skills To Pay The Bills › Dashboard — WordPress

Maybe it’s just me?

UPDATE: it was just me…. hats off to wordpress for responding to this serious vulnerability so fast.

By Jeremy Schoemaker
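
A log check for the request shape quoted in the post, added here as an example and not part of the original post or of WordPress itself. It assumes Apache/nginx "combined" access logs and treats any path ending in /upload.php as the target; the sample entries are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of an Apache/nginx "combined" access-log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a value escape an HTML attribute and open new markup.
BREAKOUT_RE = re.compile(r'["\'<>]')

# Constructed sample entries (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Aug/2007:09:14:01 +0000] "GET /wp-admin/upload.php'
    '?style=%22%3E{shellcode}&tab=upload&post_id=-1337 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [06/Aug/2007:09:15:22 +0000] "GET /wp-admin/upload.php'
    '?style=inline&tab=upload&post_id=12 HTTP/1.1" 200 4890',
    '198.51.100.5 - - [06/Aug/2007:09:16:40 +0000] "GET /blog/wp-admin/upload.php'
    '?style=%2522%253E{shellcode}&tab=upload HTTP/1.1" 200 5133',
    '198.51.100.9 - - [06/Aug/2007:09:17:03 +0000] "GET /index.php'
    '?style=%22%3E HTTP/1.1" 200 910',
]

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input (%2522) is caught."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def suspicious_style(line):
    """Return the decoded style value when a request to upload.php carries
    attribute-breakout characters in its style parameter, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/upload.php"):
        return None
    # parse_qs already decodes once; fully_decode handles extra layers.
    for raw in parse_qs(url.query, keep_blank_values=True).get("style", []):
        value = fully_decode(raw)
        if BREAKOUT_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (client_ip, decoded_style) for every flagged log line."""
    hits = ((line.split(" ", 1)[0], suspicious_style(line)) for line in lines)
    return [(ip, value) for ip, value in hits if value is not None]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\tstyle={value!r}")
```

A hit shows that someone requested the URL pattern, not that the site was affected; the fix remains the 2.2.2 upgrade.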


40 thoughts on “WordPress 2.2.2 Released – Upgrade ASAP”
  1. This is the text at the end of my blogs

    Documentación — Foros de ayuda Traducción basada en WordPress-ES por Carrero.
    2.2.2 — 0.31 segundos

    So it must be you =)

  2. That would be great! It’s a pain to upgrade lots of wordpress installations 🙁

  3. Could you please add to your post that it’s not that terrible to wait a while, especially if you don’t have upload.php 🙂

    I don’t have that file on wp-includes/

  4. At least this one wasn’t like a day after 2.2.1 because of malicious code… thanks for the tip dude

  5. There will be always some upgrade… It is strange that there is something new to upgrade.

  6. Upgrade?..I still need to set my 1st up, anyone care to suggest a good SEO plugin for once I get it up

  7. latest.zip and latest.tar.gz always redirect to the latest version of WordPress (always in the form of wordpress-x.x.x.zip/tar.gz), that’s why. 😛

  8. Agreed! I was happy to be installing a new blog today – it’s not up yet – but if I downloaded after this post I assume I have the latest version!!

  9. […] am usually pretty slack with keeping everything to date, but the way Shoemoney put it caused me to take notice and I am currently upgrading about 8 sites… this one having […]

  10. Upgraded all of my eight blogs the moment I heard a security exploit became known. 😉

    Steve

  11. Great. Freakin’ love wordpress, thank god for the upgrade. Going to upgrade now.

  12. Normally I don’t mind upgrading, but WordPress really does make it a pain in the neck when you upgrade as you usually have to change your template files, etc. C’mon WordPress…please fix your ho’s. I mean holes. My day is now shot.

    P.S. Anyone who left their blog url in these comments has just become a target (if you haven’t upgraded). 😛

  13. I also always wondered why they do that – it’s nice for hotlinking, but it’s always doubtful if you really got the latest. I use the update checker plugin.

  14. Yeah I will have to upgrade soon, I don’t like doing it every time tho, takes a few minutes of vulnerable time.

  15. It’s so good to see Matt and the crew make security a more public priority. That being said, glad I upgraded 😮

  16. Practically no one misses out on a bar-b-que, especially when it’s free! I guess that was the sentiment behind it.

  17. Chris, it is definitely a worthwhile plugin to install. I backed up and upgraded my WordPress install in less than 2 minutes.

  18. Does anyone have a really good WP theme to share or know where I can find something clean, but different from the norm.
