WordPress PictPress File Include Vulnerability

An exploit has been made publicly available affecting the WordPress PictPress plugin, versions <= release0.91.

This is a remote file include vulnerability. This means an attacker requires no authentication or action from the blog administrator in order to compromise or gain full access to the blog.

This is a CRITICAL risk issue. It is recommended that you disable this plugin if in use, until a fix has been provided by the plugin developer.

Credits to Gold_M for discovering this vulnerability.


Comments

Note: This is likely being exploited in the wild.
