Ryan Block

Akismet 2.1.3 vulnerable to attack? Agh!

Monday, May 14th, 2007 - 5:34AM

According to David Kierznowski, WordPress’s comment anti-spam tool Akismet is vulnerable to attack. Anyone who’s ever had a WordPress blog probably knows how effective this wonderful little plugin is at defending against spammers. (Akismet has caught tens of thousands of messages on this blog.) So it’s with a heavy heart I endorse the following plan of attack:

Suggestion 1: switch off Akismet until further notice from WordPress. (Better safe than sorry.)
Suggestion 2: moderate comments as they come in (duh).
Suggestion 3: prepare doses of anti-depressants and anti-anxiety meds.

Update: Matt says, “It’s a fairly minor XSS issue, it’s been fixed in downloads and source for a few weeks now and I don’t think it’s worth deactivating the plugin for.” Game on!

Update 2: Akismet also happened to bump up to version 2.0.2 yesterday. In light of things, probably seems smart to upgrade your plugin.

Comments

  1. Ryan - I shut Akismet off a long time ago - when I found Spam Karma 2.

    Try it, you’ll like it! http://unknowngenius.com/blog/wordpress/spam-karma

    Rob

    Comment by Rob La Gesse — Monday, May 14, 2007 @ 7:36 am


  2. [...] Akismet 2.1.3 vulnerable to attack? Agh! » Ryan Block No details given, but Jesus, I’m so tired of security vulnerabilities in absolutely everything… (tags: akismet wordpress security vulnerability) [...]

    Pingback by links for 2007-05-15 « insignificant thoughts — Tuesday, May 15, 2007 @ 12:22 am

