Filed Under (News, WordPress) by DK on 1 August 2007

beNi released 7 zero-day vulnerabilities for WordPress today as well as the first weblog worm, a topic that has interested me for some time now…

I have shared a few comments with beNi over various WordPress vulnerabilities in the past. He seemed to drop off the face of the planet, but has just launched the first public weblog worm that affects the latest versions of WordPress.

We are hoping to have a chat with him soon about these risks . . . we are also awaiting WordPress’s response when they finally see his work, which includes some persistent XSS vulnerabilities.

Although I don’t know if I agree completely with just blurting out 7 holes in blog software with 2-3 million users, it’s great research. Nice work beNi.

All I can say is, ouch!


Comments

ijliao on 1 August, 2007 at 4:35 pm #

WordPress XSS worm


[…] blogsecurity] Frank Bültge and Perun have also already written about it. This post to other users […]


padawan.info on 2 August, 2007 at 11:09 am #

XSS “Service Pack” for WordPress…

A German web security searcher has found seven XSS (Cross Site Scripting) vulnerabilities in WordPress and has launched a patch……


BlogSecurity » WordPress 2.2.2 on 5 August, 2007 at 7:51 pm #

[…] The release was mainly to address the recent problems posted by beNi. […]


[…] Geek and wordpress Why do people do it? Over at Blog Security there are regularly reports of people finding and publishing on their blogs security vulnerabilities in […]

