Author Archive

wp-people, Simple Forum, WP Photo Album, Search Unleashed, Sniplets

Once again a number of critical issues have been discovered in a variety of WordPress plugins. If you are using one of these plugins, we suggest disabling the plugin until a fix has been produced by the plugin developer. Info as follows:

WP People <=1.6 is vulnerable to SQL Injection. The person parameter is not correctly [...]


WPIDS v0.1.2 officially released

We are pleased to announce the availability of WPIDS 0.1.2. WPIDS is an Intrusion Protection System based on the Intrusion Detection System PHPIDS.

The plugin is able to detect attack strings and block them. This adds that needed layer of protection!

The latest version ships with PHPIDS version 0.4.7. The latest PHPIDS release [...]


WordPress MU 1.3.3 Security release

Donncha has announced the new release of WordPress MU (1.3.3). This release fixes the same flaw in XML-RPC as the WordPress core release.
We recommend you update your WP-MU to the latest version or at least upgrade your xmlrpc.php file.


dmsguestbook, st_newsletter, Wordspew, wp-footnotes vulnerabilities [Update2]

Within the last few days a number of remote SQL Injection vulnerabilities within a variety of plugins have been released. This new search for this type of vulnerability follows David Kierznowski’s recent finding in the popular WP TextLinkAds plugin.

dmsguestbook 1.7.0 is affected by multiple vulnerabilities. First, it’s possible to deface your wp-config.php, an attacker [...]


WordPress 2.3.3 Security Fix

A new version of WordPress (2.3.3) is available for download.

This release fixes one vulnerability, which allows any authenticated user to edit any post by any user on that blog. This is possible by sending a malicious request via the XML-RPC interface.

Replacing the xmlrpc.php file will resolve this problem: xmlrpc.php (from WP 2.3.3).

Anyway 2.3.3 fixes [...]