24 Oct
I was reading some blogs and came across this serious vulnerability in the way WordPress handles blogroll posting by unregistered users. The "wp-admin/link.php" script does not check the permissions of the user before adding a new Blogroll link.
BlogSecurity has already posted a fix, so it is highly recommended to apply it before you start to get spam on your blog. To fix it, you just have to change some lines of code inside wp-admin/link.php.
if ( ! current_user_can('manage_links') )
    wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
If you want, there is a fixed link.php file here. Just back up your current file and replace it with this one.
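To confirm that a given copy of wp-admin/link.php actually carries the check above, here is an added example (not code from this post, BlogSecurity or WordPress). The function names, the return codes and the sample files are assumptions made for the example, and it only tests that the guard is present and followed by wp_die, not where in the file it sits.

```shell
#!/bin/sh
# Added example: audit link.php files for the manage_links capability guard.
# Return codes (chosen for this example): 0 guard present, 1 missing, 2 unreadable.
has_manage_links_guard() {
    [ -r "$1" ] || return 2
    awk '
        # Skip commented-out lines so a disabled guard does not count.
        /^[ \t]*(\/\/|#|\*)/ { next }
        # Negated capability test; "." stands for either quote style.
        /if[ \t]*\([ \t]*![ \t]*current_user_can[ \t]*\([ \t]*.manage_links.[ \t]*\)/ { guard = NR }
        # The guard must stop the request: wp_die on the same line or the next two.
        guard && NR - guard <= 2 && /wp_die[ \t]*\(/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print a one-line status per file (safe to call under "set -e").
report_link_php() {
    has_manage_links_guard "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "OK         $1: manage_links guard present" ;;
        1) echo "MISSING    $1: no manage_links guard followed by wp_die" ;;
        *) echo "UNREADABLE $1" ;;
    esac
}

# Constructed samples (not real WordPress source): one without the guard, one with it.
make_samples() {
    printf '%s\n' '<?php' '// constructed sample: no capability check' \
        'handle_link_request();' > "$1/unpatched.php"
    printf '%s\n' '<?php' "if ( ! current_user_can('manage_links') )" \
        "    wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );" \
        'handle_link_request();' > "$1/patched.php"
}

# With arguments, audit those files; with none, run against the constructed samples.
if [ "$#" -eq 0 ]; then
    demo_dir=$(mktemp -d)
    make_samples "$demo_dir"
    set -- "$demo_dir/unpatched.php" "$demo_dir/patched.php"
fi
for f in "$@"; do report_link_php "$f"; done
if [ -n "${demo_dir:-}" ]; then rm -rf "$demo_dir"; fi
```

Run it with the path to each installation's wp-admin/link.php as arguments; any line starting with MISSING is a copy that still needs the fix.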