Archive for February, 2008

WordPress MU 1.3.3 Security release

Donncha has announced the new release of WordPress MU (1.3.3). This release fixes the same flaw in XML-RPC as the WordPress core release.
We recommend you update your WP-MU to the latest version or at least upgrade your xmlrpc.php file.


Facebook IE Users at Risk

Elazar recently released a buffer overflow proof of concept in Aurigma’s ImageUploader ActiveX plugin.

This ActiveX control is used by Facebook and I have seen it mentioned that MySpace is affected too. The vulnerability is only present for Internet Explorer users.

This vulnerability will allow an attacker to execute commands on your computer via your browser.

This has [...]


dmsguestbook, st_newsletter, Wordspew, wp-footnotes vulnerabilities [Update2]

Within the last few days a number of remote SQL injection vulnerabilities within a variety of plugins have been released. This new search for this type of vulnerability follows David Kierznowski’s recent finding in the popular WP TextLinkAds plugin.

dmsguestbook 1.7.0 is affected by multiple vulnerabilities. First, it’s possible to deface your wp-config.php, an attacker [...]


WordPress 2.3.3 Security Fix

A new version of WordPress (2.3.3) is available for download.

This release fixes one vulnerability, which allows any authenticated user to edit any post by any user on that blog. This is possible by sending a malicious request via the XML-RPC interface.

Replacing the xmlrpc.php file will resolve this problem: xmlrpc.php (from WP 2.3.3).

Anyway, 2.3.3 fixes [...]


WordPress.com content theft

Lorelle discusses content theft on WordPress.com. Splogs continue to grow at a rapid rate.