WordPress MU < 2.7 Cross Site Scripting Vulnerability

Juan Galiana Lara has released details regarding a vulnerability that affects WordPress MU versions < 2.7.
Version 2.7 is NOT affected according to the advisory. So if you have upgraded to 2.7 you can ignore this advisory.
Vulnerability Details
WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in the choose_primary_blog function [...]

How to Firewall Your WordPress Blog

You already know to use a decent password for your blog, but brute-force or dictionary attacks aren’t the only attacks used against bloggers. It’s much cheaper and faster to exploit software flaws, and that is what hackers do. A programmer’s oversight may allow a hacker to gain access to your blog to insert spyware, [...]

Guvnr 10 Steps to Secure WordPress Video

Guvnr has released a really detailed article on securing a blog using our WordPress Security Whitepaper (which is due for an update soon). The article is titled "10 tips to make wordpress hack proof". Has a nice ring to it.
In addition to this, Guvnr has put together a very cool video which takes one through the [...]

Twitter Vulnerability History

More and more bloggers are using Twitter as a micro-blog service. In Twitter’s words:
Twitter is a service for friends, family, and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: What are you doing?
It’s interesting to me to compare vulnerabilities discovered in different web 2.0 frameworks. Can [...]

3 Tips to Avoid Dangerous Themes and Plugins

We all love how easy it is to install plugins and themes, but how do we know there is no hidden jack-in-the-box waiting to pop out? Viruses, worms and backdoors could be embedded into any theme or plugin and uploaded to the Internet for public consumption.
Here are three easy-to-use ideas [...]