WordPress
AskApache WordPress Hardening Plugin
BlogSecurity released a popular article last year titled "Hardening WordPress with htaccess". It provided basic, yet effective techniques to harden a WordPress blog install.
Using Apache’s mod_rewrite allows us to perform basic filtering and application firewalling. AskApache is pushing mod_rewrite to its limits with a cool plugin that generates anti-hack/anti-spam htaccess rules automatically.
The plugin [...]
WP Downloads Manager 0.2 Remote File Upload
The Wp Downloads Manager module is a plugin for WordPress.
Wp Downloads Manager is prone to a vulnerability that lets attackers upload and execute arbitrary code. This issue occurs because the application fails to sufficiently sanitize user-supplied file extensions before uploading files onto the webserver via the ‘upload.php’ script.
Successfully exploiting this issue will allow attackers to [...]
WordPress 2.6 Released
WordPress 2.6 is now available. We mentioned some of the security improvements in an earlier post. The latest version promises a number of security enhancements as follows:
XML-RPC is turned off by default, but is easy to turn on again. Historically, attacks were possible through the XMLRPC services. We don’t know how many bloggers use [...]
WordPress 2.6 Security Improvements?
WordPress 2.6 plans to have a number of security improvements. A number of XMLRPC features will be deactivated by default. I doubt they will remove functions such as pingbacks and trackbacks, however, it is something to keep an eye on.
So will this really help secure WordPress in the future?
WordPress has been becoming more security [...]
Nextgen gallery – XSS flaw
The Nextgen Gallery Plugin version <= 0.96 has been found vulnerable to a persistent Cross Site Scripting bug.
According to the advisory, the attacker does require authentication and access to the following URL:
http://[host]/[directory]/wp-admin/admin.php?page=nggallery-manage-gallery
As far as we know, no fix is currently available.