Filed Under (News, WordPress) by DK on 13 July 2007

While testing the wp-feedstats plugin I found two or more critical security vulnerabilities that may allow an attacker to gain full access to your WordPress blog.

The developer of the popular plugin was contacted yesterday; however, I have yet to receive a response. In the meantime, I would strongly suggest all users disable this plugin ASAP!

A full advisory will be published in 30 or more days, when we feel satisfied the vendor has had sufficient time to produce a fixed version of the plugin, and that users have had adequate time to upgrade the plugin.

Comments

[...] plugin WP-FeedStats apparently has security vulnerabilities. According to BlogSecurity, the plugin should for now be [...]


[...] Frank reports, Blogsecurity has found that there is a security vulnerability in the plugin. For this reason it recommends [...]


Daniel on 14 July, 2007 at 1:54 am #

Ok so maybe we also need a damn secure plugin guide.

Our work here isn’t done, Robin!!!

:0)


David Kierznowski on 14 July, 2007 at 2:08 am #

Daniel on 14 July, 2007 at 5:19 am #

I’m using another plugin called Feed Statistics, I hope this can help the people with the insecure one:

http://www.efinke.com/category/feed-statistics/


[...] the WP-FeedStats plugin for Wordpress is said to have a security vulnerability, I have switched it off on this blog for now. As soon as there is an update, I will [...]


David Kierznowski on 14 July, 2007 at 2:17 pm #

Daniel, I haven’t tested this, but thanks for the alternative. I quite like feedburner, but that’s just me.


Daniel on 14 July, 2007 at 4:27 pm #

I can’t use feedburner because I have RSS channels for all categories of my website (a lot), feedburner is good for only some categories. By the way, thanks to blogsecurity team for your great job.


David Kierznowski on 14 July, 2007 at 4:29 pm #

Daniel, thanks for your feedback :)


[...] Via | BlogSecurity [...]


[...] 2 David from Blogsecurity has now taken another look at the new version and cannot find any security vulnerability, [...]


BlogSecurity » wp-feedstats persistent XSS on 26 July, 2007 at 8:12 pm #

[...] BlogSecurity released a warning regarding a critical security vulnerability found in WordPress wp-feedstats plugin. The author has made this information public, and thus the advisory has been released early with details found at the plugin’s homepage. We advise all wp-feedstats users to please upgrade to the latest version, available here. [...]

