WordPress
Old WP-Forum Vulnerability Gets Disclosed
A vulnerability in Fredrik Fahlstad's WP-Forum plugin has been made public on milw0rm. The exploit appears to affect an older version (1.7.8) of the popular WordPress plugin.
The plugin's homepage is already at version 2.2, which suggests this vulnerability was probably discovered shortly after the earlier version 1.7.4 vulnerability reported by BlogSecurity in early 2008.
As [...]
WordPress Security Predictions in 2009
Okay, deep breath: in 2008 we saw Cross-Site Scripting, SQL injection, SQL truncation, cookie generation weaknesses, Directory Traversal, Arbitrary File Uploads and Cross-Site Request Forgery attacks, to name a few.
A mouthful, but it made for a very interesting 2008 case study of security developments in a popular open source PHP application.
The WordPress core [...]
WordPress <= 2.6.3 XSS Vulnerability
Jeremias Reith has published an advisory on Bugtraq that includes a proof-of-concept exploit which may allow an unauthenticated attacker access to your blog.
Product affected: WordPress
Version(s):
WordPress 2.6.2 Snoopy Vulnerability
WordPress announced the following vulnerability in WordPress 2.6.2:
A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately. 2.6.3 is available for download right now. If [...]
st_newsletter SQL Injection
The st_newsletter plugin is once again vulnerable to SQL injection.
The hole is in the page stnl_iframe.php: the newsletter parameter is not properly sanitised, so the plugin is prone to this attack. Currently we are not aware of any fix; users should disable the plugin in the meantime or fix the problem themselves. [...]
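The following is an added illustration of the pattern described above, not the st_newsletter plugin's own code: a request parameter named newsletter is interpolated straight into a query, beside the hardened form that casts and binds it. The table name, column names and query shape are assumptions, and an in-memory SQLite database via PDO stands in for the WordPress MySQL database so the script runs on its own.

```php
<?php
// Added example, not code from the st_newsletter plugin. Table, columns and
// query are hypothetical; PDO + SQLite stand in for WordPress's $wpdb.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE newsletters (id INTEGER PRIMARY KEY, subject TEXT, body TEXT, published INTEGER)');
// Constructed sample rows: one public issue and one unpublished draft.
$db->exec("INSERT INTO newsletters VALUES (1, 'March issue', 'public text', 1)");
$db->exec("INSERT INTO newsletters VALUES (2, 'Draft: April', 'unpublished draft', 0)");

// Vulnerable pattern: the raw request parameter becomes part of the SQL text.
function fetch_newsletter_vulnerable(PDO $db, string $newsletter): array
{
    $sql = 'SELECT id, subject, body FROM newsletters WHERE published = 1 AND id = ' . $newsletter;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: coerce to the expected type, reject nonsense, and bind the
// value as a parameter so it can never change the query's structure.
// The WordPress equivalent is:
//   $wpdb->get_results($wpdb->prepare("... WHERE id = %d", absint($_GET['newsletter'])));
function fetch_newsletter_safe(PDO $db, string $newsletter): array
{
    $id = (int) $newsletter;        // "1 OR 1=1" becomes 1; "abc" becomes 0
    if ($id <= 0) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, subject, body FROM newsletters WHERE published = 1 AND id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker input for the newsletter parameter. In the vulnerable
// query the WHERE clause becomes "published = 1 AND id = 1 OR 1=1", and since
// AND binds tighter than OR the tautology exposes every row, draft included.
$payload = '1 OR 1=1';

print_r(fetch_newsletter_vulnerable($db, $payload)); // both rows, including the unpublished draft
print_r(fetch_newsletter_safe($db, $payload));       // only the public row with id 1
```

The check to apply to any plugin you are asked to review is the same one the safe function makes: every value that reaches a query should pass through $wpdb->prepare() (or a type cast such as absint() for integer identifiers) rather than being concatenated into the SQL string.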



