Archive for August, 2008

Acunetix Advanced Web Vulnerability Scanner Review

As some of you may know, our wp-scanner project looks for common WordPress XSS issues, but what about testing more advanced web sites and/or CMS (content management systems)?

Acunetix is one of the leading commercial web application vulnerability scanners on the market. The reason I mention it (other than the fact that they are one of [...]


WordPress Pwnie Awards

The Pwnie Awards are an ‘annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community’.

It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins. Many of them are actively being exploited to own popular WordPress [...]


WP Contact-Form Vulnerabilities

WP Contact Form is a very popular WordPress plugin.

Mustlive has reported a number of vulnerabilities which you can view at his web page here.

According to the plugin author's page, the latest version is 3.1.8. We went ahead and downloaded a copy to have a look. The actual contact form page that your users see is [...]


AskApache WordPress Hardening Plugin

BlogSecurity released a popular article last year titled "Hardening WordPress with htaccess". It provided basic, yet effective techniques to harden a WordPress blog install.

Using Apache’s mod_rewrite allows us to perform basic filtering and application firewalling. AskApache is pushing mod_rewrite boundaries to the limits with a cool plugin that will allow automated anti-hack/spam htaccess rules.

The plugin [...]


WP Downloads Manager 0.2 Remote File Upload

The Wp Downloads Manager module is a plugin for WordPress.

Wp Downloads Manager is prone to a vulnerability that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied file extensions before uploading files onto the webserver via the ‘upload.php’ script.

Successfully exploiting this issue will allow attackers to [...]