In association with heise online

03 May 2007, 16:15

Plugins pose danger to WordPress blog security


Three plugins for the popular blogging software WordPress pose a danger to system security. Security vulnerabilities in myFlash, wordTube and wp-Table allow an attacker to include his own PHP scripts and execute them with the web server's privileges. All three plugins were written by the same developer.

The bug is due to incorrect processing of the wppath parameter in the wordtube-button.php, js/wptable-button.php and myflash-button.php modules used by the plugins. wordTube versions 1.4.3 and earlier, wp-Table versions 1.4.3 and earlier and myFlash versions 1.10 and earlier are affected. The bugs are fixed in wordTube 1.4.4, wp-Table 1.4.4 and myFlash 1.11. Users should update or uninstall the plugins as soon as possible.
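As an added example (not code from the article or from the plugins' developer), the following audit reads the WordPress header comment of a plugin file and reports whether the installed version predates the fixed releases named above. The `Plugin Name` spellings and the sample header are assumptions constructed for illustration; versions are compared numerically, so 1.10 is not mistaken for being older than 1.9.

```python
import re

# Fixed releases named in the article; anything older is affected.
# Keys are lower-cased "Plugin Name" header values (assumed spellings).
FIXED = {
    "wordtube": (1, 4, 4),
    "wp-table": (1, 4, 4),
    "myflash": (1, 11),
}

# WordPress plugins declare metadata in a header comment of the main PHP file.
HEADER_FIELD = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.M | re.I
)

# Constructed sample header, not taken from the real plugin.
SAMPLE = """<?php
/*
Plugin Name: myFlash
Version: 1.10
*/
"""


def parse_version(text):
    """Turn '1.10' into (1, 10) so it sorts above '1.9' (string compare would not)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def read_header(php_source):
    """Return (plugin name, version string) from a plugin header comment."""
    fields = {k.lower(): v for k, v in HEADER_FIELD.findall(php_source)}
    return fields.get("plugin name"), fields.get("version")


def audit(php_source):
    """Classify a plugin file: affected, fixed, unknown-version or not-listed."""
    name, version = read_header(php_source)
    key = (name or "").strip().lower()
    if key not in FIXED:
        return "not-listed"
    try:
        installed = parse_version(version or "")
    except ValueError:
        return "unknown-version"  # no usable version: review by hand
    return "affected" if installed < FIXED[key] else "fixed"
```

A result of `unknown-version` should be treated like `affected` until the plugin's version has been checked by hand.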
