Title: [Security] WordPress PHP Code Injection Vulnerability
Last modified: August 18, 2016

---

# [Security] WordPress PHP Code Injection Vulnerability

 *  [BOK](https://wordpress.org/support/users/bok/)
 * (@bok)
 * [20 years ago](https://wordpress.org/support/topic/security-wordpress-php-code-injection-vulnerability/)
 * I don’t want to cause a stampede, but there seems to be a new security issue.
   Check [http://secunia.com/advisories/20271/](http://secunia.com/advisories/20271/)
 * Is this being worked on?
   I cannot reproduce it on my system and blog though…


 *  [Peter Westwood](https://wordpress.org/support/users/westi/)
 * (@westi)
 * [20 years ago](https://wordpress.org/support/topic/security-wordpress-php-code-injection-vulnerability/#post-394508)
 * Reading through this, it is based on exploiting the file cache, which is disabled
   by default in v2.0.2 because it caused too many issues getting it to work on
   every possible combination of PHP/CGI/Webserver/Host OS, so it won’t affect a
   v2.0.2 install unless you enable the caching to disk of db data.
 * You also have to have an easy-to-guess database password to make the exploit feasible.
 *  [udippel](https://wordpress.org/support/users/udippel/)
 * (@udippel)
 * [20 years ago](https://wordpress.org/support/topic/security-wordpress-php-code-injection-vulnerability/#post-394511)
 * Downloaded and ran the exploit, but also here, it would not want to do anything
   and died …
 * I also generate the passwords as random; so no easy guessing.
 * Still, the underlying vulnerability is scary, and 🙁
 * Hoping for a patch, nevertheless.
 *  [Peter Westwood](https://wordpress.org/support/users/westi/)
 * (@westi)
 * [20 years ago](https://wordpress.org/support/topic/security-wordpress-php-code-injection-vulnerability/#post-394702)
 * v2.0.3 is now released with the fix for this included.
 * See: wordpress.org/development/2006/06/wordpress-203/

