HIGH RISK: wp-feedstats plugin vulnerable

While testing the wp-feedstats plugin I found two or more critical security vulnerabilities that may allow an attacker to gain full access to your WordPress blog.

The developer of the popular plugin was contacted yesterday; however, I am yet to receive a response. In the meantime, I would strongly suggest all users disable this plugin ASAP!

A full advisory will be published in 30 or more days, when we feel satisfied the vendor has had sufficient time to produce a fixed version of the plugin, and that users have had adequate time to upgrade the plugin.


Comments

[...] plugin WP-FeedStats apparently has security vulnerabilities. According to BlogSecurity, it is recommended that the plugin for now be [...]

[...] Frank reports, Blogsecurity has determined that there is a security vulnerability in the plugin. For this reason it recommends [...]

Ok so maybe we also need a damn secure plugin guide.

Our work here isn’t done, Robin!!!

:0)

I’m using another plugin called Feed Statistics, I hope this can help the people with the insecure one:

http://www.efinke.com/category/feed-statistics/

[...] the WP-FeedStats plugin for Wordpress is said to have a security vulnerability, I have switched it off for this blog for now. As soon as there is an update, I will [...]

Daniel, I haven’t tested this, but thanks for the alternative. I quite like feedburner, but that’s just me.

I can’t use feedburner because I have RSS channels for all categories of my website (a lot), feedburner is good for only some categories. By the way, thanks to blogsecurity team for your great job.

Daniel, thanks for your feedback :)

[...] Via | BlogSecurity [...]

[...] 2 David from Blogsecurity has now taken another look at the new version and cannot find any security vulnerability, [...]

[...] BlogSecurity released a warning regarding a critical security vulnerability found in WordPress wp-feedstats plugin. The author has made this information public, and thus the advisory has been released early with details found at the plugin's homepage. We advise all wp-feedstats users to please upgrade to the latest version, available here. [...]
