Vulnerabilities in WordPress - Update
Security services provider Core Security has warned of an vulnerability in the processing of certain URLs in the popular WordPress blogging software, leading to various security problems. For example, unprivileged but registered users are reportedly able to examine the configuration pages of plug-ins and to change their options.
The "admin.php" dashboard component, which doesn't test access rights correctly, is to blame. Core Labs has listed some sample URLs in its report to show how the plug-ins – including the WP module for the PHPIDS (PHP-Intrusion Detection System) – can be manipulated.
The "Related Ways To Take Action" plug-in is affected by a number of cross-site scripting vulnerabilities that let an attacker run his own JavaScript in a victim's browser to, for example, read the contents of cookies on a victim's system. Another problem is that the login page handles incorrect user names and passwords differently to correct names and passwords and as a result an attacker might be able to guess a valid user name. The mail interface also acts erratically when a new password is requested.
According to the report, all versions up to WordPress 2.8 and up to WordPress MU (multi-user) 2.7.1 are affected. The vulnerabilities have reportedly been eliminated from the final versions 2.8.1 and MU 2.8.1, both of which should be available to download soon. Currently, version 2.8.1 is only available as a release candidate.
Update: - WordPress 2.8.1 is now released and available to download.
See also:
- WordPress Privileges Unchecked in admin.php and Multiple Information Disclosures, security advisory from Core Security.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
