Archive for April, 2008
WordPress 2.5 Admin Login SQL Injection Rumour
BlogSec received an email yesterday with a rumour that an SQL Injection issue has been found in the WordPress 2.5 admin login screen.
There is currently no evidence to back up this claim, and we have received no further information. As time permits, we will investigate this issue further.
WP-Download SQL-Injection
WP-Download 1.2 is vulnerable to SQL Injection. The dl_id parameter in "wp-download.php" is not correctly sanitised before it is used in a database query.
An attacker could use this vulnerability to retrieve usernames and passwords and potentially compromise your blog!
This bug has been reported in version 1.2, but it is likely that older versions are affected.
Please upgrade to version 1.2.1 which addresses [...]
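As an added illustration of the bug class described above (this is not WP-Download's code, which the post does not show), here is the unsafe pattern of concatenating a request parameter into a query beside a hardened version. It assumes WordPress' global `$wpdb` object; the table and column names are hypothetical.

```php
<?php
// Added illustration, not WP-Download's own code. Assumes WordPress' $wpdb;
// the table name "download_files" and its columns are made up for the example.

// Unsafe pattern: the raw request value is concatenated into the SQL text, so
// anything other than a plain number changes the statement that is executed.
function get_download_unsafe( $wpdb ) {
    $sql = "SELECT id, file_path FROM {$wpdb->prefix}download_files WHERE id = "
         . $_GET['dl_id'];
    return $wpdb->get_row( $sql );
}

// Hardened version: accept only a positive integer id before the database is
// touched, then let $wpdb->prepare() bind the value via the %d placeholder.
function get_download_safe( $wpdb ) {
    if ( ! isset( $_GET['dl_id'] ) || ! ctype_digit( (string) $_GET['dl_id'] ) ) {
        return null; // not a plain integer: treat as "no such download"
    }
    $dl_id = (int) $_GET['dl_id'];
    if ( $dl_id < 1 ) {
        return null;
    }
    $sql = $wpdb->prepare(
        "SELECT id, file_path FROM {$wpdb->prefix}download_files WHERE id = %d",
        $dl_id
    );
    return $wpdb->get_row( $sql );
}
```

Rejecting non-numeric ids up front also gives a cheap place to log probing attempts, since a legitimate download link never carries anything but digits in dl_id.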