Archive for February, 2008
wp-people, Simple Forum, WP Photo Album, Search Unleashed, Sniplets
Once again a number of critical issues have been discovered in a variety of WordPress plugins. If you are using one of these plugins, we suggest disabling the plugin until a fix has been produced by the plugin developer. Info as follows:
WP People <=1.6 is vulnerable to SQL Injection. The person parameter is not correctly [...]
WPIDS v0.1.2 officially released
We are pleased to announce the availability of WPIDS 0.1.2. WPIDS is an Intrusion Protection System, which is based upon the Intrusion Detection System PHPIDS.
The plugin is able to detect attack strings and block them. This adds that needed layer of protection!
The latest version ships with PHPIDS version 0.4.7. The latest PHPIDS release [...]
Ferruh WordPress CSRF Vulnerability
Ferruh sent BlogSec an email this morning about a new attack vector for WordPress, using CSRF (Cross Site Request Forgery).
We have not yet had time to investigate the issue further, but it looks interesting. The basic concept revolves around the fact that WordPress is user friendly and asks the user for confirmation before submitting a [...]
wp-no-version plugin updated
This latest release of wp-no-version will not remove the version for authenticated users. This was done to support the new WordPress update checks which alert blog owners to new versions of WordPress.
In my opinion this is really the best of both worlds; wp-scanner will not detect the version of the blog after this has been [...]
BlogSec Moving Forward
BlogSec is planning a major move over the next couple months. This is mainly due to BlogSec’s fast growth and to enable us to develop its future services.
The plan is to get new dedicated hardware so that we can start kicking in the next phase of the BlogSec project(s).
We have a number of members willing [...]



