First Weblog Worm targets WordPress

beNi released 7 zero-day vulnerabilities for WordPress today as well as the first weblog worm, a topic which has interested me for some time now…

I have shared a few comments with beNi over various WordPress vulnerabilities in the past. He seemed to drop off the face of the planet, but has just launched the first public weblog worm that affects the latest versions of WordPress.

We are hoping to have a chat with him soon about these risks... we are also awaiting WordPress’s response when they finally see his work, which includes some persistent XSS vulnerabilities.

Although I don’t know if I agree completely with just blurting out 7 holes in blog software with 2-3 million users, it’s great research. Nice work beNi.

All I can say is, ouch!

Comments

WordPress XSS worm

[...] blogsecurity] Frank Bültge and Perun have also already written about it. This post to other users [...]

XSS “Service Pack” for WordPress…

A German web security researcher has found seven XSS (Cross Site Scripting) vulnerabilities in WordPress and has launched a patch…

[...] The release was mainly to address the recent problems posted by beNi. [...]

[...] Geek and wordpress Why do people do it? Over at Blog Security there are regularly reports of people finding and publishing on their blogs security vulnerabilities in [...]