03 May 2007, 16:15

Plugins pose danger to WordPress blog security

Three plugins for popular blogging software WordPress pose a danger to system security. There are security vulnerabilities in myFlash, wordTube and wp-Table which allow an attacker to include his own PHP scripts and execute them with the web server's privileges. All three plugins were written by the same developer.

The bug is due to incorrect processing of the wppath parameter in the wordtube-button.php, js/wptable-button.php and myflash-button.php modules used by the plugins. wordTube versions 1.4.3 and earlier, wp-Table versions 1.4.3 and earlier and myFlash versions 1.10 and earlier are affected. The bugs are fixed in wordTube 1.4.4, wp-Table 1.4.4 and myFlash 1.11. Users should update or uninstall the plugins as soon as possible.

Channels

Services

Plugins pose danger to WordPress blog security

Also on The H:

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit