WordPress 2.6.3 was officially announced a few days ago. According to the announcement, the problem is in the Snoopy library, which is used to fetch the feeds shown in the Dashboard of the Administration Panel.
It's a small update that only addresses the vulnerability reported by Secunia Advisories:

A vulnerability has been discovered in Snoopy, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the “_httpsrequest()” function isn’t properly sanitized before being used in an “exec()” call. This can be exploited to inject arbitrary shell commands via a script calling the “fetch()” or “submit()” function with an URL controlled by the attacker.
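
The bug class the advisory describes, shown beside a hardened form, as an added illustration that is not Snoopy's or WordPress's code and not the change shipped in 2.6.3. The function names are hypothetical, `echo` stands in for the external fetch binary so the script runs offline, and a POSIX shell is assumed.

```php
<?php
// Added illustration; NOT Snoopy's source. `echo` replaces the real fetch
// binary so nothing is requested over the network.

// Vulnerable pattern: the URL is pasted into the command string, so the
// shell interprets any quotes or separators it contains.
function fetch_unsafe(string $url): array {
    exec('echo FETCH "' . $url . '"', $out);
    return $out;
}

// Hardened pattern: accept only http/https, then hand the value to the
// shell as one quoted argument via escapeshellarg().
function fetch_safe(string $url): array {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        throw new InvalidArgumentException('unsupported URL scheme');
    }
    exec('echo FETCH ' . escapeshellarg($url), $out);
    return $out;
}

// Constructed sample input: a feed URL carrying a harmless marker command.
$url = 'https://example.com/feed"; echo INJECTED; echo "';

// Unsafe: the embedded quote closes the argument and the marker command
// runs as its own shell statement.
print_r(fetch_unsafe($url));

// Safe: the scheme check passes, and quoting keeps the whole string a
// single argument, so the marker is printed as data, never executed.
print_r(fetch_safe($url));
```

The sample URL passes the scheme check, which shows that validation alone does not stop the injection; the argument quoting does.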

Although it is a small, low-risk vulnerability, it is better to upgrade to the latest version to prevent any malicious use. So, how do you easily upgrade WP 2.6.2 to WP 2.6.3?

  • SSH into the remote server where the blog is hosted
  • Navigate into the wp-includes folder
  • Download the two updated files:
    [code language='bash']wget -m -nd http://trac.wordpress.org/export/9310/tags/2.6.3/wp-includes/class-snoopy.php
    wget -m -nd http://trac.wordpress.org/export/9310/tags/2.6.3/wp-includes/version.php[/code]

If you have no SSH access, replace the two files above using an FTP client.
