Steven J. Murdoch has discovered a vulnerability in WordPress 2.5 that may allow a registered user to gain admin-level access on the blog. Only WP 2.5 blogs that permit users to register user accounts are vulnerable.
According to Steven:
This vulnerability exists because it is possible to modify
authentication cookies without invalidating the cryptographic
integrity [...]
A vulnerability has been found in the Spreadsheet (wpSS) WordPress plugin.
The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.
A public exploit has been released on milw0rm by 1ten0.0net1.
The 'ss_id' parameter inside ss_load.php is not correctly escaped before being passed to the database.
It was reported that all [...]
We often have people emailing us to discuss a new plugin, an advisory, general news etc.
Blogsec now offers our users the chance to submit their hot gossip via our new News portal. Check it out, sign-up for email updates, give us your feedback, knock yourselves out :)
Old clip, but it's a classic, enjoy!
José Carlos Nieto Jarquín has found a vulnerability affecting WordPress 2.5 ONLY. His advisory was released on SecurityFocus yesterday.
Our recent "Secure WordPress Whitepaper Revision" shows the new WordPress SECRET_KEY variable in the ‘wp-config.php’ file. This SECRET_KEY must be set to something random, as specified in the WordPress documentation. If not, it may be possible for [...]