Advisories
WordPress Plugin DM Albums 1.9.2 vulnerabilities
DM Albums™ is an inline photo album/gallery plugin that displays high quality images and thumbnails perfectly sized to your blog.
Two vulnerabilities have been made public:
1. Stack released a “remote file disclosure vulnerability” (Low-Medium Risk Level)
2. Septemb0x released a “remote file include vulnerability” (Critical Risk Level)
An attacker could use these vulnerabilities to potentially gain full access [...]
WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability
A critical vulnerability has been discovered in the WordPress Plugin Related Sites plugin. An exploit is publicly available on Milw0rm, making this vulnerability easier to exploit.
Although the advisory states that version 2.1 is vulnerable, you should assume previous versions are vulnerable as well.
BlogSec have confirmed that the current version (at the [...]
WordPress MU < 2.7 Cross Site Scripting Vulnerability
Cross Site Scripting Vulnerability
Juan Galiana Lara has released details regarding a vulnerability that affects WordPress MU versions < 2.7.
Version 2.7 is NOT affected according to the advisory. So if you have upgraded to 2.7, you can ignore this advisory.
Vulnerability Details
WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in the choose_primary_blog function [...]
Old WP-Forum Vulnerability Gets Disclosed
A vulnerability for Fredrik Fahlstad’s WP-Forum Plugin has been made public on milw0rm. The exploit appears to affect an older version (1.7.8) of the popular WordPress plugin.
The plugin’s homepage is already on version 2.2. This means this vulnerability was probably discovered shortly after the initial version 1.7.4 vulnerability reported by BlogSecurity in early 2008.
As [...]
WordPress <= 2.6.3 XSS Vulnerability
Jeremias Reith has published the advisory to Bugtraq which includes a proof of concept exploit that may allow an unauthenticated attacker access to your blog.
Product affected: WordPress
Version(s):