WordPress
WordPress Plugin DM Albums 1.9.2 vulnerabilities
DM Albums™ is an inline photo album/gallery plugin that displays high quality images and thumbnails perfectly sized to your blog.
Two vulnerabilities have been made public:
1. Stack released a “remote file disclosure vulnerability” (Low-Medium Risk Level)
2. Septemb0x released a “remote file include vulnerability” (Critical Risk Level)
An attacker could use these vulnerabilities to potentially gain full access [...]
WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability
A critical vulnerability has been discovered in the WordPress Plugin Related Sites plugin. An exploit is available in the wild and available on Milw0rm, making this attack easier to exploit.
Although, the vulnerability says that version 2.1 is vulnerable. You should assume previous versions are vulnerable as well.
BlogSec have confirmed that the current version (at the [...]
WordPress Install Files Security Risk
Jeff Starr over at Perishable Press has discovered a way to hack a WordPress blog in rare cases where the installation files have been left behind and the database is in accessible:
The other day, my server crashed and Perishable Press was unable to connect to the MySQL database. Normally, when WordPress encounters a database error…
The [...]
WordPress MU < 2.7 Cross Site Scripting Vulnerability
Cross Site Scripting Vulnerability
Juan Galiana Lara has released details regarding a vulnerability that affects WordPress MU versions < 2.7.
Version 2.7 is NOT affected according to the advisory. So if you have upgraded to 2.7 you can ignore this advisory.
Vulnerability Details
WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in choose_primary_blog function [...]
How to Firewall Your WordPress Blog
You already know to use a decent password for your blog, but brute-force or dictionary attacks aren’t the only attacks used against bloggers. It’s much cheaper and faster to exploit software flaws, and that the hackers do. A programmer’s oversight may allow a hacker to gain access to your blog to insert spyware, [...]
