Advisories

2

WordPress 2.5.1 Malicious File Execution

Posted by Philipp
May 31, 2008

CWH Underground have published an advisory regarding a malicious file execution vulnerability in WordPress 2.5.1.

We do not quite follow this advisory. The vulnerability discusses the idea of uploading a PHP backdoor onto a WordPress blog via the upload file facility, or via the plugin edit facility. I don’t think this is really a [...]

5

WordPress 2.5.1 Release Fixes Several Vulnerabilities

Posted by Philipp
April 28, 2008

The First Security- & Bugfix Release of the latest WordPress branch is now available. WordPress do not mention the vulnerabilities fixed on the download page, but BlogSec recommended 2.5 users upgrade ASAP.

Of all the bugs fixed, two fairly critical security issues were fixed. A Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection [...]

5

Wordpress 2.5 Cookie Integrity Protection Vulnerability

Posted by DK
April 27, 2008

Steven J. Murdoch has discovered a vulnerability in WordPress 2.5 that may allow a registered user to gain admin level access on the blog. Only WP 2.5 blogs that permit users to register user accounts are vulnerable.

According to Steven:

This vulnerability exists because it is possible to modify
authentication cookies without invalidating the cryptographic
integrity [...]

5

WP Spreadsheet(wpSS) SQL Injection

Posted by Philipp
April 24, 2008

A vulnerability has been found in Spreadsheet(wpSS) WordPress plugin.

The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.

A public exploit has been released on milw0rm by 1ten0.0net1.

The ’ss_id’ parameter inside ss_load.php is not correctly escaped before being passed to the database.

It was reported that all [...]

16

WordPress 2.5 Secret_Key Vulnerability

Posted by DK
April 16, 2008

José Carlos Nieto Jarquín has found a vulnerability affecting WordPress 2.5 ONLY. His advisory was released on SecurityFocus yesterday.

Our recent "Secure WordPress Whitepaper Revision" shows the new WordPress SECRET_KEY variable in the ‘wp-config.php’ file. This SECRET_KEY must be set to something random, as specified in the WordPress documentation. If not, it may be possible for [...]

Previous Page
Next Page