WP TextLinkAds Plugin SQL Injection Vulnerability follow up

Posted by DK

January 18, 2008

The TextLinkAds WP plugin is dynamically generated to insert the API key. I think this dynamic generation may be wrecking havoc with version numbers. I have verified this vulnerabiility in version 3.0.8.

Please do not trust the version number on your WP TextLinkAds plugin, your plugin is likely vulnerable.

The advisory has been updated accordingly.

News, WordPress

Random Posts

Wordpress and understanding SEO
DNS Problems
Blog Under Siege
WP Contact-Form Vulnerabilities
New breed of comment spam

If you enjoyed this post, please leave a comment or subscribe to the feed and get future articles delivered to your feed reader.

Comments

Comment by BloggingTom on January 18, 2008 @ 12:01 pm

What about 3.0.9, which i sent you? Cant find something around line 512 which states

$postid = $postid

Comment by DK on January 18, 2008 @ 1:29 pm

BloggingTom, looks like they have implemented our fix into the latest version. Thanks for the update.

WP TextLinkAds Plugin SQL Injection Vulnerability follow up

Random Posts

Comments

Leave a comment

Search

Archives

Categories

Recent Posts

Secure WordPress

Have your say!