Author Archive
WordPress 2.5.1 Release Fixes Several Vulnerabilities
The first security and bugfix release of the latest WordPress branch is now available. WordPress does not mention the vulnerabilities fixed on the download page, but BlogSec recommended 2.5 users upgrade ASAP.
Among the bugs fixed are two fairly critical security issues: a Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection [...]
WP Spreadsheet (wpSS) SQL Injection
A vulnerability has been found in the Spreadsheet (wpSS) WordPress plugin.
The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.
A public exploit has been released on milw0rm by 1ten0.0net1.
The 'ss_id' parameter inside ss_load.php is not correctly escaped before being passed to the database.
It was reported that all [...]
WP-Download SQL-Injection
WP-Download 1.2 is vulnerable to SQL injection. The dl_id parameter in "wp-download.php" is not correctly sanitised.
An attacker could use this vulnerability to retrieve usernames and passwords and potentially compromise your blog!
This bug has been reported in version 1.2, but it is likely that older versions are affected.
Please upgrade to version 1.2.1 which addresses [...]
WordPress.com Blogs Vulnerable
WordPress.com (2.3.2) is vulnerable to two Cross-Site Scripting vulnerabilities. It is important to note that these only affect WordPress.com blogs.
Proof-of-concept exploits have been released, and there is a danger that an XSS worm could use this type of vulnerability to compromise thousands of WordPress.com blogs. (See the developer versus hosted blogs debate.)
Doz from hackerscenter.com [...]
WordPress Whitepaper and ModSecurity Whitepaper now available in Español
Thanks to the efforts of Samuel Aguilera, we now have Spanish translations of our WP Whitepaper and the ModSecurity Whitepaper.
The translation is es_ES, but should be understandable for speakers of other variants of Spanish.
Samuel is also known for his translations for FileZilla and XP-AntiSpy.
If you think that the Whitepaper should also be available in your native [...]



