WP Spreadsheet(wpSS) SQL Injection

Posted by Philipp

April 24, 2008

A vulnerability has been found in Spreadsheet(wpSS) WordPress plugin.

The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.

A public exploit has been released on milw0rm by 1ten0.0net1.

The ’ss_id’ parameter inside ss_load.php is not correctly escaped before being passed to the database.

It was reported that all versions before 0.6 are vulnerable. The plugin homepage is currently not available. Therefore, we can’t prove that the version 0.61(released August ‘07) is indeed safe to use.

It is recommended that you disable this plugin until a fix has been verified.

Advisories, Alerts, WordPress

Random Posts

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments

Comment by Tim R. on April 24, 2008 @ 10:22 pm

This and several other sql holes have been plugged in version 0.62.

0.61 was vulnerable.

Comment by DK on April 24, 2008 @ 10:53 pm

Thanks for the feedback Tim.

Pingback by Sicherheitshinweis: SQL-Injektion bei WP Spreadsheet on April 25, 2008 @ 8:00 am

[...] Schadcode in die eigene Datanebank einzuschleusen. Eine entsprechende Warnugn gab es heute auf blogsecurity.net. Dort finden sich auch ein paar mehr Details zur Sicherheitslücke – leider keine Lösung [...]

Pingback by Vulnerabilidad en el plugin WP Spreadsheet | Ayuda WordPress on April 26, 2008 @ 12:09 am

[...] Vía | BlogSecurity [...]

Pingback by WP Spreadsheet(wpSS) SQL Injection | AtA-GRuP on May 11, 2008 @ 5:12 pm

[...] http://blogsecurity.net/wordpress/wp-spreadsheetwpss-sql-injection/ [...]