WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability

A critical vulnerability has been discovered in the Related Sites plugin for WordPress. An exploit is available in the wild and has been published on Milw0rm, which makes the vulnerability easier to exploit.

Although the vulnerability report names version 2.1 as vulnerable, you should assume previous versions are vulnerable as well.

BlogSec has confirmed that the current version at the time of writing (v2.2.1) is NOT vulnerable.

Upgrading to the latest version should address this issue.


Comments

David

This exploit for the Related Sites plugin for WordPress is not working, because the mentioned SQL Injection vulnerability is not in it, as I wrote on my site (http://websecurity.com.ua/3281/). In the comments to my post I wrote in detail to the author of this exploit about why this vulnerability is not working.

For what it is worth I fixed this on 6/30 with 2.2.1 as soon as I realized.

EVERYONE SHOULD RUN 2.2.1 nothing earlier.

You should consider running BTE on this blog.

Thanks for feedback chaps.
