May 2008 (4)

• 12: Vulnerability Hidden in Blog
• 06: Identity Theft 101
• 05: Facebook Top 8 Security Tips
• 01: Feedburner Awareness API

April 2008 (12)

• 29: Is Gravatar Secure to Use?
• 28: WordPress 2.5.1 Release Fixes Several Vulnerabilities
• 27: Wordpress 2.5 Cookie Integrity Protection Vulnerability
• 24: WP Spreadsheet(wpSS) SQL Injection
• 23: BlogSecurity News Portal Launched
• 21: Facebook: What they really have on you
• 16: WordPress 2.5 Secret_Key Vulnerability
• 14: WordPress Whitepaper rev-1.2: New Release
• 11: When to Upgrade your Software
• 09: bs-wp-encrypt plugin: Encrypt Logins
• 07: WordPress 2.5 Admin Login SQL Injection Rumour
• 04: WP-Download SQL-Injection

March 2008 (7)

• 29: WordPress 2.5 Released with Added Security
• 27: Automated WordPress Hacking Tool Cached by Google
• 27: Facebook Personal Photos Revealed Yet Again
• 19: OWASP Talk: PHP Code Analysis: Real World Examples
• 18: Interview with Hacker S@BUN
• 09: WordPress.com Blogs Vulnerable
• 06: WordPress Whitepaper and ModSecurity now available in Español

February 2008 (12)

• 27: wp-people, Simple Forum, WP Photo Album, Search Unleashed, Sniplets
• 20: WPIDS v0.1.2 officially released
• 13: Ferruh WordPress CSRF Vulnerability
• 13: wp-no-version plugin updated
• 12: BlogSec Moving Forward
• 07: WordPress MU 1.3.3 Security release
• 06: Facebook IE Users at Risk
• 05: dmsguestbook, st_newsletter, Wordspew, wp-footnotes vulnerabilities [Update]
• 05: WordPress 2.3.3 Security Fix
• 04: WordPress.com content theft
• 01: Fredrik Fahlstad Plugins Vulnerable
• 01: wp-calc & wp adserv plugin vulnerabilities

January 2008 (11)

• 24: Frisco Vista blog hacked
• 22: WordPress Insecure by Design?
• 22: WP-Forum 1.7.4 SQL Injection
• 18: WP TextLinkAds Plugin SQL Injection Vulnerability follow up
• 17: WP TextLinkAds Plugin SQL Injection Vulnerability
• 16: Democracy 2.0.1 HTML Injection Vulnerability
• 14: bs-wp-sandbox v1.2 released
• 11: Defeating Audio Captcha Systems
• 08: wp-scanner back online
• 08: WP-Filemanager
• 03: WP Directory Traversal Vulnerabilities

December 2007 (10)

• 30: WP 2.3.2 Security Fixes
• 26: bs-wp-sandbox plugin: Lock WP Functions
• 24: bs-wp-noversion plugin: Removes WordPress Version
• 19: WordPress PictPress File Include Vulnerability
• 19: WP-ContactForm HTML Injection Vulnerability
• 11: bs-wp-noerrors: removing WordPress DB errors
• 11: Wordpress 2.3.1 Charset SQL Injection Vulnerability
• 10: WordPress 2.3.1 SQL Injection Vulnerability
• 10: Failing to prepare
• 01: DNS Problems

November 2007 (29)

• 26: ProBlogger what blog platform poll
• 26: Multiple WordPress Plugin Vulnerabilities
• 23: Guest Blogger: Web Business blogs get hacked
• 22: WordPress Cookie Authentication Vulnerability
• 22: Marco Ramilli joins BlogSec Team
• 22: WPIDS - WordPress Intruder Detection System
• 22: WP Cryptographp CAPTCHA bypass vulnerability
• 19: WordPress SSL for Debian Sarge
• 19: Remote blogging security tips
• 19: BlogSec vote closing soon
• 16: WordPress Security Scam Artists
• 16: More WordPress targets for spam
• 14: Role Manager 2.2 Released
• 14: RR Securing WordPress Tips
• 14: Cisco starts security blog
• 13: New WordPress Spam Plugin
• 12: Alicia Keys MySpace Compromised
• 09: Reflections on year old Google blog hack
• 08: Hardening WordPress with htaccess update
• 08: Whitepaper becomes Weißbuch
• 07: BlogSecurity Earns Technorati Top 10K
• 07: New breed of comment spam
• 06: Choosing the right anti-spam solution
• 06: Peter’s Custom Anti-Spam Image CAPTCHA bypass
• 02: SEO Egghead Blog gets hit with spam
• 02: BackUpWordPress Remote File Include Vulnerability
• 01: Blog security for beginners
• 01: Mustlive WordPress Vulnerability Archives
• 01: ModSecurity and Wordpress: Defense in Depth

October 2007 (37)

• 31: Live from the wire: BlogSec News
• 30: Facebook aka Relationship Killer?
• 30: Dangers in reverting
• 29: Wordpress 2.3: edit-post-rows XSS Vulnerability
• 29: wp-scanner Q&A
• 26: Visitor poll results: What makes you tick
• 26: End of Month Review: October
• 26: About page update
• 25: What is OpenID?
• 25: Power Bloggers Vulnerable
• 24: Which is more secure: WordPress vs WordPress MU
• 23: Should you display a subscriber count?
• 22: SpamBam 2.2.2 released
• 22: WordPress 2.3.1 Beta 1
• 19: Social networking sites - what have I learnt?
• 19: Developer vs User hosted blogs
• 18: Feedburner: Show me the Money
• 18: What floats your boat
• 17: Countries censoring bloggers named
• 17: First WP 2.3 Dexter Vulnerability
• 16: New BlogSecurity look
• 16: WordPress security getting better?
• 15: Facestalking defined
• 15: Blogs and Breakins
• 12: wp-scanner bug fixed
• 11: Keeping the bots out
• 11: WP Prefix Changer v1.1 released
• 10: Joomla gallery module vulnerable
• 09: Choosing a hosting provider
• 09: September Top 5
• 08: Social networking privacy - forgetting your password and closing your account
• 08: Inspector WordPress Plugin Review
• 05: Playing the double agent
• 05: wp-scanner 1.3b released
• 04: WordPress Security Whitepaper
• 03: Feedsmith Feedburner vulnerability fixed
• 02: Hijacking feeds with Feedburner Vulnerability

September 2007 (16)

• 30: Choosing the right blogging software
• 28: Pre-Upgrade Check Plugin for WordPress
• 27: Social networking privacy - inviting your friends to sign up
• 26: Spambam: comments anti-spam plugin
• 26: Corporate Blogger Policy
• 25: 5 Step Failsafe upgrade for WordPress
• 24: wp-scanner to detect backups
• 22: WordPress 2.3 changes
• 21: 2 vanilla XSS on Wordpress ‘wp-register.php’
• 20: Shifting to PHP5
• 17: WordPress Hardening Project Update
• 14: BlogSec web dev team member needed
• 13: Social networking privacy - where are your details stored?
• 13: Dangerous WordPress Exploit Made Public
• 11: BlogSec News Update
• 05: Social networking privacy issues - signing up

August 2007 (15)

• 28: Interview with beNi
• 22: Critical WordPress Flaw Found
• 22: http versus https
• 16: WordPress Hardening article Updated
• 15: wp-scanner update
• 14: Interview with Matt Mullenweg, WordPress
• 09: Wordpress is in the Press - but Security isn’t
• 09: Social networking privacy and data issues
• 08: Top 11 WordPress Plugins
• 05: Top 10 Vulnerable WP Themes
• 05: WordPress 2.2.2
• 04: BlogSecurity Reloaded
• 03: BlogSec News Launched
• 01: First Weblog Worm targets WordPress
• 01: Role Management Security

July 2007 (23)

• 30: WordPress Plugin Tracker
• 27: WordPress stats plugin SQL Injection
• 26: wp-feedstats persistent XSS
• 26: Stopping WordPress Spam
• 26: Wordpress and understanding SEO
• 23: Import, Export WordPress Tax
• 21: BlogRoll Launched
• 18: WordPress Username Enumeration
• 17: Blogroll sounds like bogroll
• 17: Hot from the griddle
• 14: BlogSecurity E-Mail Alerts
• 14: wp-scanner plugin
• 13: HIGH RISK: wp-feedstats plugin vulnerable
• 13: WP Prefix Table Changer
• 12: WordPress Blog gets hacked
• 11: WordPress Cross Domain Redirect
• 11: WordPress Path Disclosure Vulnerability
• 09: WordPress BlogWatch Updated
• 05: wp-pass Redirect Vulnerability
• 05: Blogging - are you helping the bad guys?
• 03: wp-scanner review
• 03: Blog Under Siege
• 02: Request for Comments

June 2007 (14)

• 30: The 1000 Blog Vulnerability Assessment
• 28: Interview with Stefan Esser
• 24: wp-scanner online v1.2 released
• 23: wp-scanner goes online
• 22: BlogSecurity Milestone
• 22: Why start a blog?
• 21: WordPress 2.2.1 Released
• 20: Hardening WordPress with htaccess
• 10: WordPress Default Theme XSS
• 10: New Release: WordPress Scanner
• 08: Blog Censorship
• 06: Common WP Theme Vulnerabilities
• 04: BlogSecurity Standard
• 01: WordPress Unauthorised Comments Disclosure

May 2007 (7)

• 30: WordPress 2.2 Vulnerability
• 30: Blogging and Privacy
• 28: Writing Secure WP Plugins
• 27: WordPress BlogWatch
• 26: WordPress Scanner
• 23: WordPress Community Vulnerable
• 21: BlogSecurity Launched