Author Archive
WordPress Trash Authorisation Bypass
Thomas Mackenzie has reported a vulnerability affecting WordPress 2.9 and later. Versions before 2.9, which do not have the trash feature, are not affected.
tmacuk quote:
Since version 2.9 a new feature was implemented so that users were able to retrieve posts that they may have deleted by accident. This new feature was labelled ‘trash’. Any posts that are placed within the trash are only viewable [...]
st_newsletter SQL Injection
The st_newsletter plugin is once again vulnerable to SQL injection.
The flaw is in stnl_iframe.php: the newsletter parameter is not correctly sanitised before it is used in a query, which is what exposes the plugin to this attack. We are not currently aware of any fix; users should disable the plugin in the meantime, or patch the problem themselves. [...]
Multiple vulnerabilities in WP Comment Remix 1.4.3
A number of vulnerabilities have been discovered in version 1.4.3 of the WP Comment Remix plugin.
The following is a short overview of the issues found:
SQL Injection: caused by the unsanitised variable "p" in ajax_comments.php.
Cross Site Scripting: exploitable by both authenticated and unauthenticated users.
Cross Site Request Forgery: the form generated by wpcr_do_options_page lacks the WordPress nonce protection (wp_nonce), so a logged-in administrator can be made to submit it from another site.
These [...]
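The three bug classes in the overviews above (an unsanitised request parameter reaching SQL, unescaped output, and a settings form without a nonce) are the same ones that recur across WordPress plugins, so here is an added illustration of each next to its fix. This is example code written for this page, not the code of st_newsletter, WP Comment Remix or WordPress itself; the function names (example_*), the option name example_setting and the query are assumptions, and it expects to run inside WordPress because it uses $wpdb, absint(), esc_attr(), wp_nonce_field() and check_admin_referer().

```php
<?php
// Added example, not plugin code. Assumes a WordPress runtime ($wpdb,
// absint, esc_attr, wp_nonce_field, check_admin_referer, update_option).
// All example_* names and the example_setting option are hypothetical.

// --- 1. SQL injection via an unsanitised request parameter ---------------

// Vulnerable: the request value is interpolated straight into the query,
// so p=1 OR 1=1 (or a UNION SELECT) changes the meaning of the statement.
function example_comments_vulnerable() {
    global $wpdb;
    $p = $_GET['p'];
    return $wpdb->get_results(
        "SELECT comment_ID, comment_content FROM {$wpdb->comments} WHERE comment_post_ID = $p"
    );
}

// Hardened: coerce the value to the type the query expects and let
// $wpdb->prepare() bind it; a %d placeholder can only become an integer.
function example_comments_fixed() {
    global $wpdb;
    $p = isset( $_GET['p'] ) ? absint( $_GET['p'] ) : 0;
    if ( 0 === $p ) {
        return array();
    }
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT comment_ID, comment_content FROM {$wpdb->comments} WHERE comment_post_ID = %d",
            $p
        )
    );
}

// --- 2. Cross-site scripting and CSRF on an options page -----------------

// Vulnerable: the save path has no nonce check, so any page an
// administrator visits can POST to it; the stored value is then echoed
// into an attribute without escaping, so a saved payload such as
// "><script>...</script> executes for the next admin who opens the page.
function example_options_page_vulnerable() {
    if ( isset( $_POST['example_setting'] ) ) {
        update_option( 'example_setting', $_POST['example_setting'] );
    }
    ?>
    <form method="post">
        <input type="text" name="example_setting"
               value="<?php echo get_option( 'example_setting' ); ?>" />
        <input type="submit" value="Save" />
    </form>
    <?php
}

// Hardened: a capability check keeps low-privilege users out entirely,
// wp_nonce_field() embeds a per-user, time-limited token in the form,
// check_admin_referer() dies unless the submitted token verifies, the
// input is normalised before storage and the output is escaped for an
// HTML attribute context on the way back out.
function example_options_page_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    if ( isset( $_POST['example_setting'] ) ) {
        check_admin_referer( 'example_save_options', 'example_nonce' );
        update_option( 'example_setting', sanitize_text_field( $_POST['example_setting'] ) );
    }
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_options', 'example_nonce' ); ?>
        <input type="text" name="example_setting"
               value="<?php echo esc_attr( get_option( 'example_setting' ) ); ?>" />
        <input type="submit" value="Save" />
    </form>
    <?php
}
```

The nonce alone does not replace the capability check: a nonce only proves the request came from a form WordPress rendered for that user, so a subscriber who can load the page would still get a valid token unless current_user_can() stops them first. Likewise, escaping has to match the output context; esc_attr() is right for an attribute value, esc_html() for element content.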
Wordpress-MU Cross Site Scripting Vulnerability
Product: Wordpress-MU (multi-user)
Version: versions prior to 2.6 are affected
Credits: Juan Galiana
Juan Galiana published the advisory to Bugtraq this week, including a proof-of-concept exploit.
Wordpress-MU is affected by a Cross Site Scripting vulnerability: an attacker who exploits it can read the targeted user's cookies and use them to gain administrator privileges.
In [...]
WordPress 2.6 Released
WordPress 2.6 is now available. We mentioned some of the security improvements in an earlier post. The new version brings a number of security enhancements, including the following:
XML-RPC is turned off by default, but is easy to turn on again. Historically, attacks were possible through the XML-RPC services. We don't know how many bloggers use [...]