A command execution vulnerability has been found in WordPress’s handling of incoming cookie information which allows remote attackers to cause the program to execute arbitrary code if the PHP settings of register_globals has been set to On.命令执行漏洞已被发现在WordPress的处理传入的cookie信息,使远程攻击导致该程序执行任意代码,如果PHP的设置了register_globals已设置为上。

Already a perl and php exploit is available.已经是一个Perl和PHP的利用可用。 It affects WordPress version 1.5.1.3 and before when register_globals is set to On.它影响的WordPress版本1.5.1.3之前,当register_globals设置为上。 The information has been provided by Kartoffelguru.资料已经提供了kartoffelguru 。

WordPress developers are working on a fix.在WordPress的开发人员正努力在一个修补程序。

Update: Add the line to your php.ini file (in WordPress root) for a fix:更新:行添加到您的php.ini文件(在WordPress根)为修复:
php_flag register_globals off php_flag register_globals的小康

Do it now.现在就这样做。

Note: This may affect functioning of some plugins which rely on php global variables being available.注:这可能会影响运作的一些插件,这依赖于PHP的全局变量被可用。