Author Archive

bs-wp-sandbox v1.2 released

The main changes in this version are to make it easier to use and to permit comments and post previews by default. Also, when a blacklisted page is requested bs-wp-sandbox will redirect the client to “http://yourblog/”. Now you can change the BLOGNAME variable at the top of the file to redirect the client where you [...]


wp-scanner back online

wp-scanner is back online. We are in the process of moving wp-scanner to become part of a larger, cooler project. We had emails flooding in, so we’ve gotten it back up… please let us know if you run into any bugs.


bs-wp-noversion plugin: Removes WordPress Version

The BlogSecurity WordPress Noversion plugin (bs-wp-noversion) prevents WordPress version leakage. Another simple, yet extremely useful, WordPress security plugin.

A lot of attackers and automated tools will try to determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and will certainly hinder virus and worm programs that rely on knowing the software version.

Plugin Name: [...]


SEO Egghead Blog gets hit with spam

Jaimie Sirovich of SEO Egghead has reported that his blog was attacked by spam and is claiming that the attack is due to an HTML insertion vulnerability which affects WP 2.3 and the latest version 2.3.1. Unfortunately, he has not provided any further details, so we cannot look into this further.
When we do a Google search [...]


BackUpWordPress Remote File Include Vulnerability

A remote file include vulnerability has been found in BackUpWordPress < 0.4.3.
This means an attacker can execute code on your web server if they can access the following script directly:
http://[target]/_path]/plugins/BackUp/Archive.php
A proof of concept exploit has already been released into the wild. We suggest you upgrade as soon as possible.
Affected code:

require_once $GLOBALS['bkpwp_plugin_path']."PEAR.php";

A new version is [...]