Archive for May, 2007
WordPress 2.2 Vulnerability
Alexander Concha sent us an email today discussing a vulnerability he has just released for WordPress 2.2.
The vulnerability is another SQL Injection vulnerability in xmlrpc.php affecting WordPress 2.2 (and most likely all versions).
The risk of the attack is slightly less severe as it requires authentication. According to Alex, one requires at least a subscriber-level account to [...]
Blogging and Privacy
BlogSecurity introduces an article by Sarah Turner:
Sarah Turner holds a BA Hons in Business Studies and currently works as a Marketing Manager; she has specialised in the IT security sector for almost 2 years.
Blogs are growing at an astonishing rate, with over 57 million blogs existing all over the world and roughly 1.3 million posts [...]
Writing Secure WP Plugins
This article was originally written by David Kierznowski from Operation n, titled, "Writing Secure WordPress Plugins (part 1)".
Table of Contents
Introduction
attribute_escape
wp_nonce
Summary
References
Introduction
WordPress has become one of the most popular blogging packages on the Internet; this is largely due to its ease of use and its object-oriented design, which allows the user to easily extend its capabilities [...]
WordPress BlogWatch
BlogSecurity’s WordPress BlogWatch gives you a central location to check out the latest WordPress Vulnerabilities. In the future, I hope to incorporate this information into a WordPress plugin and alerting system. Please check back often for updates.
If you see a vulnerability that we have not listed, please let us know via our Contact Form, thank [...]
WordPress Scanner Information Page
About us
BlogSecurity are security evangelists with a specific focus on Web 2.0-related security. Learn more about us.
Introduction
WordPress scanner is a free online resource that blog administrators can use to provide a measure of their WordPress security level. It is BETA software and is continually being developed.
This page is the primary help page for wp-scanner. [...]



