Author Archive
WordPress 2.3: edit-post-rows XSS Vulnerability
Janek Vind "waraxe" disclosed an XSS vulnerability that affects WordPress 2.3 (the latest release, 2.3.1, is not affected).
The vulnerability can be found in "wp-admin/edit-post-rows.php". The affected code is as follows:
<?php foreach($posts_columns as $column_display_name) { ?>
<th scope="col"><?php echo $column_display_name; ?></th>
<?php } ?>
This vulnerability requires the affected web site to have register_globals enabled in order to set the [...]
wp-scanner Q&A
We have seen more and more people using our wp-scanner service to test their WordPress blogs for common security weaknesses. wp-scanner has been used to close thousands of security weaknesses across a variety of large and small blogs.
The original wp-scanner project is still BETA and we are constantly trying to improve the service as we [...]
End of Month Review: October
It's been a great month for BlogSecurity. We got excellent feedback on the new BlogSecurity web template. We released some great articles and brought some of our services forward. All in all, it was a great month! Thanks to all those who made it possible.
Here are some of my favourite posts for the [...]
About page update
We have added information about the BlogSecurity team on the About page. We still have a fair bit of formatting to do, as well as some photos to add, but check it out.
The idea behind the team profiles is to let you guys feel more connected with the individuals behind the words! We don’t bite (at least [...]
Playing the double agent
BlogSec is kicking off its security tips for bloggers category. It's really exciting to share with our readers gems and pearls that many security professionals take for granted. Enjoy!
We start off with "the double agent", a really clever title (as you will see), if I do say so myself :)
Without boring you too much, a user-agent [...]



