Within the last few days a number of remote SQL injection vulnerabilities in a variety of WordPress plugins have been released. This new wave of findings of this type follows David Kierznowski's recent discovery in the popular WP TextLinkAds plugin.

dmsguestbook 1.7.0 is vulnerable to multiple issues. First, it is possible to deface your wp-config.php; an attacker can gain access to your MySQL data that way. This is caused by improper control and sanitization of the folder and file parameters. At the same time there are multiple XSS vulnerabilities, which are also high-risk issues.

There are several SQL injection vulnerabilities within this plugin. More information is available on Bugtraq.

We highly recommend disabling and removing the plugin from your blog until a major version release addresses all of these holes. Previous versions are likely affected as well.

Version 1.8 is available, but BlogSecurity has received reports that it does not solve all the problems.

st_newsletter 2.x is vulnerable to SQL injection, caused by improper sanitisation of the newsletter parameter in the shiftthis-preview.php file. This makes it possible to retrieve a list of all registered users and their password hashes. The hole was discovered by S@BUN and we're not aware of any current fixes.

Another SQL injection, also made public by S@BUN, affects Wordspew: the id parameter in wordspew-rss.php is not sanitised and is therefore open to attack. Again, we weren't aware of any fixes at the time of writing; the latest version, 3.72, fixes the vulnerability and is available on the official WordSpew webpage.

The last hole for now is in wp-footnotes 2.2. The current version allows access to the plugin's admin panel directly via the URL, which results in XSS vulnerabilities. More can be found on Bugtraq. Again, no fix is currently available.
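All four reports above share one root cause: a request parameter is used without validation, either inside a SQL string or when echoed back into a page, and in one case an admin page trusts the URL alone. The following is an added illustration written for this post, not code from any of the plugins named; it assumes it runs inside WordPress (global $wpdb, absint(), sanitize_text_field(), esc_html(), current_user_can(), wp_die()), and the guestbook and newsletters tables are hypothetical.

```php
<?php
// Added illustration, not code from any of the plugins named in the post.
// Assumes WordPress is loaded: global $wpdb plus the helpers absint(),
// sanitize_text_field(), esc_html(), current_user_can() and wp_die().
// The guestbook and newsletters tables are hypothetical.

// Vulnerable pattern: a request parameter is pasted straight into SQL.
// Whoever controls "id" controls the query; this is the bug class reported
// for the id and newsletter parameters above.
function vulnerable_lookup() {
    global $wpdb;
    $id = $_GET['id'];                       // untrusted, never validated
    return $wpdb->get_results( "SELECT * FROM {$wpdb->prefix}guestbook WHERE id = {$id}" );
}

// Hardened form: validate the type, then let $wpdb->prepare() bind the value.
function safe_lookup_by_id() {
    global $wpdb;
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( 0 === $id ) {
        return array();                      // not a usable id: refuse, do not guess
    }
    // %d is bound as an integer; the table name comes from code, not the request.
    $sql = $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}guestbook WHERE id = %d", $id );
    return $wpdb->get_results( $sql );
}

// Same idea for a string parameter such as a newsletter name: %s is quoted
// and escaped by prepare(), so the value can never close the SQL literal.
function safe_lookup_by_name() {
    global $wpdb;
    $name = isset( $_GET['newsletter'] ) ? sanitize_text_field( $_GET['newsletter'] ) : '';
    if ( '' === $name ) {
        return array();
    }
    $sql = $wpdb->prepare( "SELECT id, title FROM {$wpdb->prefix}newsletters WHERE title = %s", $name );
    return $wpdb->get_results( $sql );
}

// Output side (the XSS half): escape for the HTML context before echoing.
function render_entry( $entry ) {
    return '<li>' . esc_html( $entry->message ) . '</li>';
}

// Admin-only pages: being reachable by URL is not authorisation.
function plugin_admin_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // ... render the settings form here ...
}
```

When reviewing a plugin, grep for $_GET, $_POST and $_REQUEST and check that every value reaches SQL only through $wpdb->prepare() and reaches HTML only through an esc_*() function.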

Comments

DK on 5 February, 2008 at 10:40 am #

Again, as I stressed before, secure coding functions, documentation and procedures need to be in place before this gets better!


Pierre Sudarovich on 8 February, 2008 at 10:24 am #

Hi all,
ok the bug in wordspew-rss.php is now corrected ;)


BlogSecurity » Blog Archive » WordPress BlogWatch on 10 February, 2008 at 8:01 pm #

[...] SQL Injection Vulnerability (more) [...]


[...] array elements could execute unsanitized HTML to exploit the plugin. Other plugins with problems: WordsPew v3.x reported an “id” based SQL injection vulnerability, dmsguestbook 1.7.0, st_newsletter [...]



[...] Blogsecurity.net (an excellent security blog and well worth bookmarking) reported on the security flaws of some packages and poorly formed mySQL input. Note this isn’t malicious coding of plugins - it’s just code that hasn’t been checked thoroughly in its inputs. Still, the end result is someone gets access to something they shouldn’t. [...]

