wp-people, Simple Forum, WP Photo Album, Search Unleashed, Sniplets

Posted by Philipp
February 27, 2008

Once again a number of critical issues have been discovered in a variety of WordPress plugins. If you are using one of these plugins, we suggest disabling the plugin until a fix has been produced by the plugin developer. Info as follows:

WP People <=1.6 is vulnerable to SQL Injection. The person parameter is not correctly sanitised. This means the WordPress blog database and blog may be compromised. Credit goes once more to S@BUN
Original Entry on BugTraq

Simple Forum <2.1 (Build 237) The Forum and Topic parameters are not correctly sanitised. This means the WordPress blog database and blog may be compromised. S@BUN is credited for these Disclosures: SF 1, SF 2.

WP Photo Album – WPPA <1.1 The photo and album parameters are not correctly sanitised. This means the WordPress blog database and blog may be compromised.
The vulnerability was found by S@BUN and is fixed in Version 1.1 of WPPA.

Search Unleased <=0.2.0 is vulnerable to Arbitrary HTML Injection. Advisory here. Krzysztof Burghardt is credited for this discovery. This vulnerability is confirmed within Version 0.2.0 and will be fixed with the upcoming Release 0.2.1. This vulnerability is being exploited in the wild, we recommend disabling the plugin until a fix can be provided.

Sniplets 1.1.2 (and possibly other versions) have been found vulnerable to a number of HIGH risk issues, including HTML Injection, File Upload and PHP code execution. We strongly recommend disabling this plugin until a fix is provided.
nbbn@gmx.net is credited for discovering these issues.

Advisories, Alerts, WordPress

Random Posts

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments
Comment by Jeffrey on March 5, 2008 @ 8:45 am

Thank you, nice post, very informative. Regards.

Pingback by WordPress Plugin Security Problems « Internet Security and Brand Protection on March 14, 2008 @ 11:13 am

[...] Plugin Security Problems Once again the guys over at Blog Security have cam up trumps with another great post about problems they’ve uncovered with a number of [...]

Comment by MustLive on March 20, 2008 @ 12:47 am

Philipp.

There is broken link which you need to fix – link to seclists.org in description of vulnerability in WPPA.

Comment by Philipp on March 20, 2008 @ 11:30 pm

Should be fixed, thanks for letting me know.

Comment by Frank on March 21, 2008 @ 12:18 am

This looks like a copy of old news. Most of these have been fixed for some time.

Comment by Philipp on March 21, 2008 @ 10:05 am

It’s quite good if they’re fixed already, anyway these vulnerabilities were made public just some weeks ago. And just because the vulnerability was fixed within the package it doesn’t mean that every User is using the latest version. But with this post we can at least bring attention to it that their Version may be out of date and a security risk.

Leave a comment

(required)

(required)