Comments on: WordPress vulnerability means don’t save sensitive information in drafts http://wpgarage.com/news-views/wordpress-vulnerability-means-dont-save-sensitive-information-in-drafts/ wordpress tricks, hacks, and tips Wed, 09 May 2012 06:53:59 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: It’s time to upgrade WordPress | WordPressGarage.com http://wpgarage.com/news-views/wordpress-vulnerability-means-dont-save-sensitive-information-in-drafts/#comment-760 It’s time to upgrade WordPress | WordPressGarage.com Sun, 30 Dec 2007 11:08:33 +0000 http://wordpressgarage.com/news-views/wordpress-vulnerability-means-dont-save-sensitive-information-in-drafts/#comment-760 [...] releasing any new versions until 2.3, we now are faced with WordPress version 2.3.2, which fixes the draft vulnerability we wrote about recently, as well as “suppress[ing] some error messages that can give away [...] [...] releasing any new versions until 2.3, we now are faced with WordPress version 2.3.2, which fixes the draft vulnerability we wrote about recently, as well as “suppress[ing] some error messages that can give away [...]

]]> By: Ryan http://wpgarage.com/news-views/wordpress-vulnerability-means-dont-save-sensitive-information-in-drafts/#comment-759 Ryan Thu, 20 Dec 2007 19:51:29 +0000 http://wordpressgarage.com/news-views/wordpress-vulnerability-means-dont-save-sensitive-information-in-drafts/#comment-759 I think the main reason for WordPress security updates and reports being so common is due to it's popularity. More people using it means more people finding holes and more people trying to take advantage of holes. The thing is though ... who cares if drafts are in insecure? Surely no one would store particularly sensitive information in them? The only way I could see this being a problem is if sploggers managed to access them and posted them before you did, which could potentially lead to your content being picked up as a duplicate of the splogger instead of the other way around due to theirs being published first. I read recently that WordPress have no intentions of an update until 2.4 is released some time in January/February. So maybe they'll stick to that schedule. I think the main reason for WordPress security updates and reports being so common is due to it’s popularity. More people using it means more people finding holes and more people trying to take advantage of holes.

The thing is though … who cares if drafts are in insecure? Surely no one would store particularly sensitive information in them?

The only way I could see this being a problem is if sploggers managed to access them and posted them before you did, which could potentially lead to your content being picked up as a duplicate of the splogger instead of the other way around due to theirs being published first.

I read recently that WordPress have no intentions of an update until 2.4 is released some time in January/February. So maybe they’ll stick to that schedule.

]]>