The H-T Team has published new exploits affecting the following plugins by Fredrik Fahlstad: fGallery 2.4.1 and WP-Cal 0.3. Both are vulnerable to remote SQL injection, and earlier versions are likely affected as well.
In the WP-Cal plugin the file editevent.php is vulnerable to this attack because of improper sanitisation of the id parameter. Within [...]
Jeffro2pt0 at WeblogToolsCollection has reported two new vulnerabilities that have recently been found in WordPress plugins:
Today, we have a moderately critical SQL Injection Vulnerability that was discovered by HouSSaMix in the “WP-Cal” plugin version 0.x for WordPress.
A person who goes by the handle “enter_the_dragon” has discovered a vulnerability within the Adserve Plugin version 0.2 [...]
A critical vulnerability in Fredrik Fahlstad's WP-Forum plugin has been made public. Details are available on Secunia and milw0rm.
This hole may allow an unauthenticated attacker full access to your blog and potentially your web server/host.
Input passed to the “user” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “showprofile” and “page_id” to a [...]
David Kierznowski of BlogSecurity has found a critical vulnerability in the popular TextLinkAds plugin for WordPress. The vulnerability allows an unauthenticated, remote attacker to completely compromise your database and therefore your blog.
This is a serious security risk, and should take higher priority than what it has. I have shared various emails with TextLinkAds (starting 31 [...]
Intro
Democracy is a popular AJAX driven voting plugin for WordPress.
BlogSecurity found a vulnerability in the latest version of Democracy (2.0.1) that may allow attackers to hijack your admin/user accounts, as well as opening up a vast number of other attack vectors.
Proof of concept (test your blog):
http://wordpress.dom/blah’style=xss:expression(alert(document.cookie)); (Tested on IE7)
OR
http://wordpress.dom/blah’onMouseOver=javascript:alert(document.cookie);// (Tested on Firefox & IE)
This proof of concept [...]
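Both proof-of-concept URLs above start with a single quote, which is the tell that the plugin reflects part of the request into a single-quoted HTML attribute. The following added example is not Democracy's own code; it assumes, for illustration only, that the plugin echoed `$_SERVER['REQUEST_URI']` into a form's `action` attribute, and shows why escaping must cover single quotes (`ENT_QUOTES`) for the fix to hold.

```php
<?php
// Added example, not the plugin's own code. The form markup and the use of
// REQUEST_URI are assumptions; the advisory excerpt does not show the source.

// Vulnerable: a path of /blah'onMouseOver=javascript:alert(document.cookie);//
// terminates the single-quoted attribute and appends an event handler.
// The IE7 variant, 'style=xss:expression(...), works the same way through a
// CSS expression.
function democracy_form_open_unsafe() {
    return "<form action='" . $_SERVER['REQUEST_URI'] . "' method='post'>";
}

// Hardened: ENT_QUOTES encodes both ' and ", so the attribute cannot be closed
// early. Note that htmlspecialchars() without ENT_QUOTES leaves ' untouched,
// which is why a fix that only escapes double quotes would still fail this PoC.
// In WordPress, esc_attr() provides the same guarantee.
function democracy_form_open_safe() {
    $uri = htmlspecialchars($_SERVER['REQUEST_URI'], ENT_QUOTES, 'UTF-8');
    return "<form action='" . $uri . "' method='post'>";
}

// Self-check with the advisory's Firefox/IE payload as constructed input.
$_SERVER['REQUEST_URI'] = "/blah'onMouseOver=javascript:alert(document.cookie);//";
echo democracy_form_open_unsafe(), "\n";
echo democracy_form_open_safe(), "\n";
```

Run it from the command line with `php example.php`: the first line of output contains a live `onMouseOver` handler outside the attribute, while in the second the leading quote is rendered as an entity and the whole payload stays inert inside the `action` value. Output encoding at the point of use is the fix; filtering the words `onMouseOver` or `expression` from input is not, since the same breakout works with any other handler or CSS construct.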