Author Archive

WordPress Security Predictions in 2009

Okay, deep breath: in 2008 we saw Cross-Site Scripting, SQL injection, SQL truncation, Cookie generation weaknesses, Directory Traversal, Arbitrary File Uploads and Cross-Site Request Forgery attacks, to name a few.

A mouthful, but it made for a very interesting 2008 case study of security developments in a popular open source PHP application.

The WordPress core [...]


WordPress <= 2.6.3 XSS Vulnerability

Jeremias Reith has published an advisory to Bugtraq, including a proof-of-concept exploit, for a cross-site scripting flaw that may allow an unauthenticated attacker to gain access to your blog.

Product affected: WordPress
Version(s):


WordPress 2.6.2 Snoopy Vulnerability

WordPress announced the following vulnerability in WordPress 2.6.2:

A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately. 2.6.3 is available for download right now. If [...]


WordPress 2.6.1 Weak Entropy Vulnerability

iso^kpsbr has discovered a vulnerability that may allow an external attacker to gain admin access to WordPress 2.6.1.

WordPress is prone to a weakness in the entropy of generated passwords. Successfully exploiting this issue may allow an attacker to guess randomly generated passwords. WordPress 2.6.1 is vulnerable; other versions may also be affected.

The original advisory and [...]
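To make the advisory's point concrete, here is an added example of why the entropy of a password generator, rather than the length or alphabet of its output, bounds how hard generated passwords are to guess. This is illustration code written for this page; it is not WordPress's code and does not claim to reproduce the mechanism of the 2.6.1 issue, which the excerpt above does not describe. The 16-bit seed width, the character set, the password length and the hidden seed value are all constructed assumptions.

```python
import math
import random
import secrets
import string

# Character set and length shared by both generators (constructed values).
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()"
PASSWORD_LENGTH = 12

# Hypothetical weak design (constructed for illustration, not WordPress's
# real code): the PRNG is seeded from a value carrying only SEED_BITS of
# entropy, e.g. a truncated timestamp or a small counter.
SEED_BITS = 16


def weak_generate_password(seed: int, length: int = PASSWORD_LENGTH) -> str:
    """Derive a password from a non-cryptographic PRNG seeded with `seed`.

    Every output is a deterministic function of `seed`, so the number of
    distinct passwords is bounded by the seed space, not by the alphabet
    and length.
    """
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def nominal_entropy_bits(length: int = PASSWORD_LENGTH, alphabet: str = ALPHABET) -> float:
    """Entropy a reader would assume from the alphabet and length alone."""
    return length * math.log2(len(alphabet))


def effective_entropy_bits(seed_bits: int = SEED_BITS, length: int = PASSWORD_LENGTH,
                           alphabet: str = ALPHABET) -> float:
    """Real entropy of the weak generator: capped by the seed space."""
    return min(seed_bits, nominal_entropy_bits(length, alphabet))


def crack_weak_password(verify, seed_bits: int = SEED_BITS, length: int = PASSWORD_LENGTH):
    """Recover a weakly generated password by enumerating the seed space.

    `verify` stands in for whatever lets the attacker test a guess (a login
    form, a password-reset link, a leaked hash). Returns (password, guesses),
    or (None, guesses) if no seed reproduces the password.
    """
    guesses = 0
    for seed in range(1 << seed_bits):
        candidate = weak_generate_password(seed, length)
        guesses += 1
        if verify(candidate):
            return candidate, guesses
    return None, guesses


def secure_generate_password(length: int = PASSWORD_LENGTH) -> str:
    """Hardened generator: draw every character from the OS CSPRNG.

    With `secrets` there is no seed to enumerate; the candidate space is
    the full len(ALPHABET) ** length.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    # Victim's password, generated from a seed the attacker never sees.
    hidden_seed = 40321  # constructed value
    target = weak_generate_password(hidden_seed)

    found, attempts = crack_weak_password(lambda guess: guess == target)
    print(f"nominal entropy  : {nominal_entropy_bits():.1f} bits")
    print(f"effective entropy: {effective_entropy_bits():.1f} bits")
    print(f"recovered {found!r} after {attempts} guesses (target was {target!r})")
    print(f"secure example   : {secure_generate_password()}")
```

The twelve-character password looks like it carries about 74 bits of entropy, but because every one of them is a function of a 16-bit seed there are only 65,536 possible outputs, and an attacker with any way to test guesses walks through all of them. The fix is not a longer password but a generator whose randomness comes from a CSPRNG with no enumerable seed.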


WordPress Pwnie Awards

The Pwnie Awards are an ‘annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community’.

It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins. Many of them are actively being exploited to own popular WordPress [...]