Comments on: Top 10 Vulnerable WP Themes

By: Webgazette.co.uk » Blog Archive » WordPress Theme Vulnerability Confusion

Sun, 16 Nov 2008 23:08:26 +0000

[...] was surprised to find WP-Multiflex-03 listed in the post ”Top 10 Vulnerable WP Themes“on [...]

By: Philipp

Philipp — Mon, 21 Jul 2008 21:40:42 +0000

Hi Carla, I’ve just checked the Changelog of the theme, and there are two Security issues reported to be closed, one is in the linked post mentioned search Cross Site Scripting Problem and the other one is mostly the problem about the PHP_SELF thing(mentioned in Adams Comment abit above). So it seems that this theme doesn’t suffer under vulnerabilites, but we can’t tell it for sure as we didn’t made a full audit for it.
Just some late addition to Adams Post within the Changelog you find some weeks before your Post a entry about a possible security hole, mostly the mentioned problem by Adams comment. So this theme was indeed vulnerable when this post was created.

By: YSecure » First Thing’s First - Make my Blog Pretty (and attack my visitors)

Sun, 06 Jul 2008 18:21:11 +0000

[...] hackers to add their pieces of code to your blog – and attack your visitors. There’s even a scanner for [...]

By: Carla

Carla — Sun, 06 Jul 2008 04:49:07 +0000

I’ve built several blogs for clients lately using Tarski, because I found it so flexible. So my heart sunk when I saw that it was on your list. I don’t know when the list was updated last, so I thought I’d inquire whether you have any new information about vulnerabilities in the Tarski theme. OMG, I hope the versions I’ve used are OK!

Thanks for your help.

By: אבטחת וורדפרס » ITbananas

אבטחת וורדפרס » ITbananas — Wed, 18 Jun 2008 23:34:19 +0000

[...] שלתבנית שאנחנו משתמשים אין חורים באבטחה| פלאגין: [...]

By: DK

DK — Thu, 01 Nov 2007 07:13:59 +0000

libel? :)

There was alot of controversy about this post, and at some point i’ll release part 2.

There is really nothing "shoddy" about it. The vulnerability’s covered here are not just limited to PHP_SELF in the header.

If you’d like to start hunting down theme authors be my guest – I hate to sound careless but I have better things to do with my time and most of them are aware of this post by now.

By: adam

adam — Wed, 31 Oct 2007 14:05:40 +0000

i'm still baffled by this list. it seems like horribly shoddy research on your part, and possibly libel, to suggest that these themes are vulnerable, to not do the due dilligence to find out if they've been updated, or to contact the authors before listing their themes. tarski, for instance, like most themes, uses get_bloginfo(), rather than $_SERVER['PHP_SELF'].

By: Blackcell.com » Top 10 Vulnerable Wordpress Themes

Blackcell.com » Top 10 Vulnerable Wordpress Themes — Sun, 12 Aug 2007 23:32:11 +0000

[...] For More Information visit http://blogsecurity.net/wordpress/article-050807/ [...]

By: 5 Things You Can Do To Make Your Blog Safer From Hackers* :: 2k Bloggers - The Face of the Blogosphere

Sun, 12 Aug 2007 14:44:45 +0000

[...] Update your blogware if you host your own blog. That means, use the newest version of WordPress. Make sure your blog’s theme is up-to-date and secure as well. Don’t use these themes. [...]

By: WordPress Security

WordPress Security — Fri, 10 Aug 2007 18:28:25 +0000

[...] A Top10-List of vulnerable themes [...]