Old WP-Forum Vulnerability Gets Disclosed
An vulnerability for Fredrik Fahlstad’s WP-Forum Plugin has been made public on milw0rm. The exploit appears to affect an older version (1.7.8) of the popular WordPress plugin.
The plugins homepage is already on version 2.2. This means this vulnerability was probably discovered shortly after the initial version 1.7.4 vulnerability reported by BlogSecurity in early 2008.
As this flaw has only been released now, there is a possibility that blogs who have used this version of the plugin previously and have since upgraded may have been infected.
Risk
HIGH risk
Fix
We believe this is an old flaw and shouldn’t affect the current release (v2.2 at the time of this advisory).
If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.
[...] Por eso cuando descubri un fallo en el plugin de WordPress WP-Forum 1.7.4 decidi que pasaba de avisar al creador (mas que nada porque llevaba sin actualizar el plugin desde tiempos inmemoriales y encima jugaba al WoW ). Sin embargo hace un par de dias leyendo un blog sobre seguridad en blogs, valga la rebundancia, publicaron exactamente el mismo fallo que yo habia descubierto pero asociandolo a la version 1.7.8. [...]