Comments on: dmsguestbook, st_newsletter, Wordspew, wp-footnotes vulnerabilities [Update2]

By: WordPress Security - More On Themes And Plugins (ActiveBlogging)

WordPress Security - More On Themes And Plugins (ActiveBlogging) — Thu, 27 Mar 2008 05:11:32 +0000

[...] Blogsecurity.net (an excellent security blog and well worth bookmarking) reported on the security flaws of some packages and poorly formed mySQL input. Note this isn’t malicious coding of plugins – it’s just code that hasn’t been checked thoroughly in its inputs. Still, the end result is someone gets access to something they shouldn’t. [...]

By: WordPress Podcast: Episode 34: WordPress 2.3.3 released, more security problems and Prologue | Pittsburgh Punch

Wed, 27 Feb 2008 04:59:15 +0000

[...] array elements could execute unsanitized HTML to exploit the plugin. Other plugins with problems: WordsPew v3.x reported an “id” based SQL injection vulnerability, dmsguestbook 1.7.0, st_newsletter [...]

By: Episode 34: WordPress 2.3.3 released, more security problems and Prologue | PHP Podcasts

Tue, 26 Feb 2008 05:16:36 +0000

By: BlogSecurity » Blog Archive » WordPress BlogWatch

BlogSecurity » Blog Archive » WordPress BlogWatch — Sun, 10 Feb 2008 19:01:49 +0000

[...] SQL Injection Vulnerability (more) [...]

By: Pierre Sudarovich

Pierre Sudarovich — Fri, 08 Feb 2008 09:24:44 +0000

Hi all,
ok the bug in wordspew-rss.php is now corrected ;)

By: DK

DK — Tue, 05 Feb 2008 09:40:38 +0000

Again, as I stressed before, secure coding functions, documentation and procedures need to be in place before this gets better!