The First Security- & Bugfix Release of the latest WordPress branch is now available. WordPress do not mention the vulnerabilities fixed on the download page, but BlogSec recommended 2.5 users upgrade ASAP.

Of all the bugs fixed, two fairly critical security issues were fixed. A Cross-Site Scripting vulnerability and the WP 2.5 Cookie Integrity Protection […]

Steven J. Murdoch has discovered a vulnerability in WordPress 2.5 that may allow a registered user to gain admin level access on the blog. Only WP 2.5 blogs that permit users to register user accounts are vulnerable.

According to Steven:

This vulnerability exists because it is possible to modify
authentication cookies without invalidating the cryptographic
integrity […]

A vulnerability has been found in Spreadsheet(wpSS) WordPress plugin.

The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.

A public exploit has been released on milw0rm by 1ten0.0net1.

The ’ss_id’ parameter inside ss_load.php is not correctly escaped before being passed to the database.

It was reported that all […]

We often have people emailing us to discuss a new plugin, an advisory, general news etc.

Blogsec now offers our users the chance to submit their hot gossip via our new News portal. Check it out, sign-up for email updates, give us your feedback, knock yourselves out :)

LAUNCH BLOG-SEC NEWS

Old clip, but its a classic, enjoy!

Find more how to and instructional Web videos on 5min.com

Check out more of our Social Networking articles here.