2012/8/15 Tomasz Ganicz polimerek@gmail.com
> Well - what's the problem that we are using older version of WordPress or MediaWiki? Does it harm anyone?
It wouldn't be a problem if you were just missing new features, but when you miss security patches, it probably is. MediaWiki has a better security track than WordPress. When there's a MW security fix, it is more likely to be "someone could trick a user to steal their credentials", not "someone can abuse your install to send spam".
Still, you can end up with the webpage sending Viagra and Cialis keywords and links with an insecure install of almost any CMS.
If you are certain your install is patched, fine. You can disregard this or even send a note of how you're using Debian Potato and that has the vulnerabilities patched. If you have installed WordPress a year ago and forgot about it, and now think you are secure, then you're not.
WordPress 3.1.1 fixes three security issues [1]
Another one in 3.1.2, although not relevant if you don't have untrusted contributors [2]
WordPress 3.1.3 fixes some more security issues, although the changelog is quite vague [3]
WordPress 3.1.4 is similar to 3.1.2: "fixes an issue that could allow a malicious Editor-level user to gain further access to the site" [4]
WordPress 3.3.1: "fix for a cross-site scripting vulnerability" [5]
WordPress 3.3.2: six different security fixes [6]
WordPress 3.3.3: "an unannounced security fix release", probably the same as 3.4.1 [7]
WordPress 3.4.1 "fixes a few security issues", although they seem more relevant for multisite installs [8]

From WordPress 3.1 to 3.4.1 you missed 12 releases. Are you sure your install is secure? We got cracked with a newer WordPress release than the one you're using, with two shellcodes installed in our web. Your "what's the problem" attitude is a dangerous one.
Regards
1- http://wordpress.org/news/2011/04/wordpress-3-1-1/
2- http://wordpress.org/news/2011/04/wordpress-3-1-2/
3- http://wordpress.org/news/2011/05/wordpress-3-1-3/
4- http://wordpress.org/news/2011/06/wordpress-3-1-4/
5- http://wordpress.org/news/2012/01/wordpress-3-3-1/
6- http://wordpress.org/news/2012/04/wordpress-3-3-2/
7- http://codex.wordpress.org/Version_3.3.3
8- http://wordpress.org/news/2012/06/wordpress-3-4-1/