WP-Forum Plugin Security Bulletin
Jeff Chandler 
Thanks for visiting! We would like to serve you better. Please subscribe to our RSS feed for daily updates. This blog posts regular Wordpress news, updates of themes, plugins, ideas, hacks, quick fixes and everything about blogging, especially about Wordpress. You can also receive updates from this blog via email if you want that method of notification.
If you are currently using the latest release of the WP-Forum plugin, listen up. The websec security team has discovered a vulnerability within this plugin that can be exploited by malicious users to conduct SQL injection attacks. According to Secunia:
Input passed to the “user” parameter in the WordPress installation’s index.php script (when “forumaction” is set to “showprofile” and “page_id” to a page with the “<!–WPFORUM–>” tag) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
This vulnerability when exploited successfully allows the individual to retrieve usernames, password hashes, and email addresses for all users, including administrators. However, the user has to have knowledge of the proper database table prefix. This vulnerability has been confirmed in version 1.7.4 which is currently the most recent version available for download.
Description:
WP-Forum is a WordPress plugin that enables you to have a forum directly attached to your WordPress installation. The plugin is based on Simple Forum.
[EDIT] We wish the plugin author was notified of the vulnerability and given a chance to fix it, but there was no mention of it in the advisory. So until a fix is released, we suggest that the plugin is disabled and removed.
[EDIT] As pointed out in the comments, not the same as Simple Forum WP Plugin.
(22 votes, average: 4.27 out of 5)
Loading ...
Comments RSS
Would you be willing please, to point out that the ‘Simple Forum’ mentioned above is NOT the same as my own ‘Simple Forum WP Plugin’? (http://www.stuff.yellowswordfish.com/simple-forum/) I found out quite recently that there was a stand alone system named ‘Simple Forum’ and have been debating whether to change the name of my plugin. But I would not want people to be confused! My own forum plugin is NOT based on this third party product and also has no relationship with WP-Forum.
[Reply] Andy (1 comments.) — 01/21/2008 @ 6:30 pmThanks.
I started a thread with this information on their forum.
[Reply] Sabo (13 comments.) — 01/21/2008 @ 6:39 pm@Sabo Thanks for doing that. Although if you were to look at the comments for that plugin on the blog, it looks like development for that plugin might be dead and has been dead for quite awhile.
Thanks, this is a great revelation!
[Reply] Dhruva Sagar (15 comments.) — 01/22/2008 @ 2:23 amI could not reproduce that bug…I have some doubts that it really works
but i simply fixed but using folowing code in “forum-functions.php”:
function forum_get_profile($user){
global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;
if(is_numeric($user)) {
.....
}
just use that “is_numeric” (since user ID are integers and not strings containing sql queries).
[Reply] Cyneox — 01/22/2008 @ 3:19 pm@Dhruva Sagar Believe me, the exploit works like a charm, I already obtained some md5 hashed passwords from it. The exploit in combination with this http://md5.rednoize.com/ is going to be a playground for all the script kiddies out there.
[Reply] Sabo (13 comments.) — 01/23/2008 @ 1:17 amSorry, my comment was for Cyneox, I don´t get used to this UGLY design of this website.
Jeffro2pt0 dude, this website looks like we were in 1995.
[Reply] Sabo (13 comments.) — 01/23/2008 @ 1:20 am@Cyneox did you use that code like this:
function forum_get_profile if(is_numeric($user){
global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;
or like this?
function forum_get_profile($user){
global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;
if(is_numeric($user)) {
Because if you used the second one, I don´t know where should I close the }
[Reply] Sabo (13 comments.) — 01/23/2008 @ 1:31 am@Sabo
the code was added in “forum-functions.php”.
i used:
function forum_get_profile($user){
global $user_ID, $table_threads, $wpdb, $rss_link, $profile_link;
if(is_numeric($user)) {
...
}
the last “}” comes after the “return”.
I think this bug works only on pure wordpress (not wordpress mu) although i haven’t test it already…
[Reply] Cyneox — 01/23/2008 @ 4:41 am@Sabo
nice this you got there…can u please tell me which plugin you are using for the paged posts on the first site ?
[Reply] Cyneox — 01/23/2008 @ 11:03 amnice site you got there…can u please tell me which plugin you are using for the paged posts on the first site ?
[ SORRY FOR THE DOUBLE POST ]
[Reply] Cyneox — 01/23/2008 @ 11:04 am@Cyneox Dude, your fix didn´t work to fix the security issue, I implemented and then apply the exploit and I could obtain all the usersnames/md5hashedpasswords/e-mails@…
That fix didn´t work for a normal Wordpress installation.
And thanks about the site, for the page navigation I´m using:
http://www.mis-algoritmos.com/.....ugin-v-10/
Regards!
[Reply] Sabo (13 comments.) — 01/23/2008 @ 1:07 pm@Sabo
Well that fix did work for me. Actually I can’t really understand why it shouldn’t work.
According to http://www.php.net/is_numeric:
is_numeric ( mixed $var )
if $var is a number (integer,doubles etc.) ‘the_numeric’ will return TRUE. Else ‘FALSE’ will be returned.
In OUR case the script should verify is the paramater given to ‘user’ is an integer or not.
The normal page URL will be:
http://blabla.com/?page_id=7&a.....amp;user=1
The hack makes use of not verificating the parameter given to ‘user’:
http://www.blablabla.com/?page.....ull,concat(user_login,0×2f,user_pass,0×2f,user_email),null,null,null,null,null+from+wp_users/*
As you can see the value given to ‘user’ is NOT an integer and that’s why you add the condition (at the beginning of the script):
if (is_numeric($user)) {
// here goes the rest of the php script
}
I am using WPMU and the hack did not work on my site. Which version of Wordpress/WPMU are you using ?
[Reply] Cyneox — 01/24/2008 @ 9:57 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress › Blog » WordPress 2.3.3 — 02/5/2008 @ 1:31 am[...] paso, se alerta de otra grave vulnerabilidad, esta vez en el plugin Wp-Forum. Como aún no existe parche, se recomienda borrarlo a la espera de mejor [...]
WordPress 2.3.3, parche urgente de seguridad | Mangas Verdes — 02/5/2008 @ 2:05 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
ALERT new WORPRESS security UPDATE WP2.3.3 wordpress 2.3.3 — 02/5/2008 @ 2:11 am[...] you are putting your site at an increased risk of being exploited. As was reported by me on WeblogToolsCollection.com, malicious users are in fact taking advantage of the flaws found within the WP-Forum plugin. If you [...]
WordPress 2.3.3 Security Release » Jeffro2pt0.com — 02/5/2008 @ 2:14 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress security update Wordpress 2.3.3 release « Mich in the web WordPress.com Weblog — 02/5/2008 @ 2:30 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
New South Net Business Information Network » Wordpress security update Wordpress 2.3.3 release — 02/5/2008 @ 2:32 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress security update Wordpress 2.3.3 release » Mich in web designs developments marketing optimization services — 02/5/2008 @ 2:34 am[...] wurde geschlossen. Im zusätzlichen WP-Forum-Plugin wurde ebenfalls eine Lücke gefunden, die auch ausgiebig ausgenutzt wird. Das Plugin sollte bis zum Erscheinen eines Updates deaktiviert [...]
HDTV-Space » WordPress 2.3.3 erschienen — 02/5/2008 @ 3:05 am[...] also point to a vulnerability in the WP-Forum plugin that is being actively exploited and if you are using this plugin, remove it until an update is [...]
WordPress 2.3.3 Urgent Security Release for XML-RPC Flaw — 02/5/2008 @ 3:18 am[...] existe una vulnerabilidad en el plugin WP-Forum que está siendo explotado activamente justo ahora. Si estás utilizando ése plugin por favor [...]
Wordpress 2.3.3: actualización urgente | Blog de Marcelo Ramos | Lo que hago, lo que me interesa, lo que me llama la atención — 02/5/2008 @ 3:29 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 Released : HotSURFs.com Blog — 02/5/2008 @ 3:41 am[...] also mentioned about a vulnerabity on WP-Forum plugin. Input passed to the “user” parameter in the WordPress installation’s index.php script (when [...]
Wordpress 2.3.3 Security release — 02/5/2008 @ 3:45 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
New WordPress 2.3.3 Released — 02/5/2008 @ 3:46 amTry wrapping the input with intval( ), too. Quick fix.
[Reply] N3X15 — 02/5/2008 @ 3:52 am[...] anche al plugin WP-Forum: in questo caso il bug, confermato nella versione 1.7.4, è ben più grave in quanto consente, [...]
» Wordpress 2.3.3 e WP-Forum » WordPress Italy — 02/5/2008 @ 3:54 am[...] gibt es einen Fehler im WP-Forum-Plugin (Infos). WordPress empfiehlt dieses Plugin vorerst zu [...]
WordPress 2.3.3: Dringendes Sicherheitsupdate » patch, security, sicherheit, update, upgrade, wordpress, wp » Frank Helmschrott — 02/5/2008 @ 4:00 am[...] ?????? ??????? ???????????? ?????????? ? ??????? WP-Forum, ???? ?? ??????????? ???? ??????, ?????????? ??? [...]
????? ?????? WordPress 2.3.3 | ???? ??? ????? ?? ??????? ???????? — 02/5/2008 @ 4:36 am[...] a few minor bugs fixed as well. The WordPress team recommends removing the WP-Forum plugin due to vulnerability which they need to [...]
WordPress 2.3.3 | cyprich.com — 02/5/2008 @ 4:40 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Latest version of Wordpress available 2.3.2 | Simple Informations — 02/5/2008 @ 4:47 am[...] ???????WP-Forum ????????????????????????????????? [...]
Wordpress2.3.3??-???????? | ???? — 02/5/2008 @ 5:01 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Costalfy’s Blog » Sortie de WordPress 2.3.3 — 02/5/2008 @ 5:07 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Sortie de WordPress 2.3.3 « Costalfy’s Blog — 02/5/2008 @ 5:08 am[...] das Wordpress-Forum Plugin benutzt, der lese einmal hier und entferne es dann besser … ansonsten wie gesagt oben die Datei fixen oder gleich WP 2.3.3 [...]
Wordpress: Fix fixen gehen! « Data Travelers-Blog — 02/5/2008 @ 5:45 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 ?? - Mr.bssn ????? — 02/5/2008 @ 5:49 am[...] você está usando o plugin WP-Forum, é bom atualizá-lo também, por que o bicho tá pegando pro lado dele também. Uma falha de segurança está sendo explorada e a correção já está na [...]
Wordpress 2.3.3 | SEO e Blogs - Por diversão e Dinheiro | BrPoint — 02/5/2008 @ 5:51 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 ???? | ??? — 02/5/2008 @ 6:14 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress 2.3.3 Released, Upgrade and be safe! | VaaSU.iN — 02/5/2008 @ 6:21 am[...] também uma vulnerabilidade no plugin WP-Forum que está a ser explorada por diversos indivíduos neste momento. É aconselhado a que desactivem o [...]
WordPress 2.3.3 - Actualização urgente de segurança | MUIOMUIO.NET — 02/5/2008 @ 6:32 am[...] o blog oficial do WordPress, há também uma falha de segurança no plugin WP-Forum. Se você o utiliza, trabalho dobrado. É necessário atualizá-lo [...]
Nova atualização: WordPress 2.3.3 — 02/5/2008 @ 6:39 am[...] should know that there is also a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, the recommendation is to [...]
Wordpress 2.3.3. released | My lucky number 13 — 02/5/2008 @ 6:43 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress 2.3.3 - Urgent Security Release | Problogging — 02/5/2008 @ 6:45 am[...] in 2.3.2, don’t put off the upgrade if you can help it! Also, if you use the WP-Forum plugin, read this [...]
WordPress 2.3.3 Security Update | meyithi dot com — 02/5/2008 @ 7:20 am[...] it over your existing xmlrpc.php. Otherwise, you can get the entire release here. Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
sissi ^@^ jason » Blog Archive » WordPress 2.3.3??+???? — 02/5/2008 @ 7:50 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 Urgent Security Release | Valued articles of web hosting | server administration | php | mysql | java | programmers guide — 02/5/2008 @ 7:52 am[...] ???WP-Forum ????? ?????????????????????????????????????????????????????????????????????? [...]
WordPress | ??? » WordPress 2.3.3 — 02/5/2008 @ 8:18 am[...] ?? ??? ?????? ???? ?????. ????????, ???? ?????????? ???? ????????? ??? plugin WP-Forum, ??? ?? ?? ??????????????, ?? ?????? ?? ?? [...]
???????????? ?????? » Blog Archive » ??? ?????? Wordpress: 2.3.3 — 02/5/2008 @ 8:42 am[...] plus, attention si vous utilisez le plugin wp-forum, il existe une faille qui est très activement exploitée ! Réseaux sociaux [...]
Mise à jour wordpress 2.3.3 — 02/5/2008 @ 9:04 am[...] finns också sårbarheter i WP-Forum pluggen som exploateras aktivt i dessa dagar. Om du använder det insticksprogrammet, avaktivera det [...]
WordPress Magazine : WordPress 2.3.3 — En viktig säkerhetsuppdatering — 02/5/2008 @ 9:46 am[...] of note, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 Released | Watershed Studio, LLC | Indianapolis, Indiana, USA — 02/5/2008 @ 10:15 am[...] a vulnerability within this WP-Forum plugin that can be exploited by malicious users to conduct SQL injection attacks. WP recommend to [...]
Wordpress 2.3.3 released | Bala-Krishna — 02/5/2008 @ 10:31 am[...] se descubrió una vulnerabilidad en el WP-forum plugin que al momento sigue asi, se recomienda desactivar dicho plugin hasta que sea [...]
Wordpress 2.3.3 actualizacion de seguridad | i-game — 02/5/2008 @ 11:04 am[...] se informa de que se ha detectado una vulnerabilidad en el pluginthe WP-Forum que puede ser explotada ahora mismo, y se recomienda que si estas usando este plugin, dejes de [...]
WordPress 2.3.3: Actualización de Seguridad | Linux, Gadgets e Internet | CrackVan: Aprendiz de… Maestro de… — 02/5/2008 @ 11:20 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 - ?? -- ????-??-??-??-??-??-??-??-??-??-?? — 02/5/2008 @ 11:56 am[...] ???????wp-forum?????????????????????????????????????????????? [...]
WordPress 2.3.3 ???????[??????] » Inking’s Security Blog — 02/5/2008 @ 12:14 pm[...] additional warning is issued regarding the WP Forum plugin which contains a vulnerability that is still actively exploited. If you’re running this plugin, it is strongly advised that [...]
WordPress 2.3.3 » JaypeeOnline // Blogging News & Reviews — 02/5/2008 @ 12:23 pm[...] and copy it over your existing xmlrpc.php. If you require the whole release you can get here.Also a vulnerability in the WP-Forum plugin has been found and is being actively exploited right now. If you are using this plugin it’s [...]
Wordpress 2.3.3 - Security Release : Yeepage — 02/5/2008 @ 12:32 pm[...] também uma vulnerabilidade no plugin WP-Forum que está a ser explorada por diversos indivíduos neste momento. É aconselhado a que desactivem o [...]
Wordpress 2.3.3 — 02/5/2008 @ 12:34 pm[...] vi è una vulnerabilità nel plugin WP-Forum , se stai usando questo plugin, è meglio rimuovere fino a quando non sarà disponibile un [...]
Wordpress 2.3.3 | Liberochat — 02/5/2008 @ 12:55 pm[...] Ainda há uns outros pequenos bugs que foram resolvidos e uma notícia para aqueles que utilizam o plugin WP-Forum. [...]
Ainda agora instalei o Wordpress... | O cantinho do South... — 02/5/2008 @ 12:58 pm[...] ??cnBeta???WordPress 2.3.3 ??????????????????????????????????????????WordPress 2.3.3 ????????????????????????????????????wordpress.org.cn????? ????????????????????????????????????????????????????? WordPress 2.3.3 ???????????????? xml-prc ????????????????????????????????????????????????????????????????????bug??????64????? PHP 5.2.1????????????????????????????????????????xml-prc????????????????? xmlrpc.php ???????? xmlrpc.php???????????????? ???????wp-forum?????????????????????????????????????????????? ????????????????????????????????WordPress??????????????????????? ?????WordPress??????????????????????? [...]
WordPress 2.3.3 ??????? | Yum BloG — 02/5/2008 @ 1:37 pm[...] idea, it is not always in your best interest to have this as your set up. Apparently there is a bug in the current version of the WP-Forum plugin that allows malicious users to access your database information. Whenever you have a situation [...]
AWSOM.org = Artist Website Setup Options Markup » Blog Archive » On the Same Track as Last Post — 02/5/2008 @ 1:41 pm[...] disso, existe uma vulnerabilidade no plugin WP-Fórum que está sendo ativamente explorada no momento. Se você estiver usando este plugin, por favor [...]
WORDPRESS 2.3.3 - Atualização de Segurança | Blog Crônicas — 02/5/2008 @ 1:56 pm[...] ???????wp-forum?????????????????????????????????????????????? [...]
WordPress 2.3.3 ????? — 02/5/2008 @ 2:29 pm[...] The WP-forum plugin has a security hole that hasn’t been repaired yet. You’ll need to disable that plug-in until a fix has been made. Read about that problem here. [...]
Do This WP Update TODAY! : The Article Writer — 02/5/2008 @ 2:52 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress 2.3.3 Available for Download | John Chow dot Com — 02/5/2008 @ 3:05 pm[...] informan de una vulnerabilidad en el plugin WP-Forum. Si lo estás usando, es recomendable desactivarlo [...]
Wordpress 2.3.3 — 02/5/2008 @ 3:30 pm[...] it over your existing xmlrpc.php. Otherwise, you can get the entire release here.Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 - WebHostingBlog — 02/5/2008 @ 3:50 pm[...] pacote inteiro e actualizar o seu Wordpress. Também existe um vulnerabilidade existente no plugin WP-Forum. Se está a usar este plugin recomenda-se a desactivação do mesmo até que o seu autor [...]
Wordpress 2.33 disponível | Open Mania — 02/5/2008 @ 3:54 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress 2.3.3 Is Available for Download Now! | Calvin Harvey dot Com — 02/5/2008 @ 4:01 pm[...] sind die Version 2.32 von Wordpress (sollte schleunigst upgedatet werden) und das WP Forum, anscheinend verschiedene [...]
www.killert.de » Blog Archive » Security News — 02/5/2008 @ 4:14 pm[...] também referido, aquando desta release, que existe uma vulnerabilidade no plugin WP-Forum, o conselho é simplesmente desinstalar o plugin e aguardar que seja lançado um update do [...]
Nova versão do Wordpress (2.3.3) — 02/5/2008 @ 5:08 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress 2.3.3 Released! | ChaseSagum.com — 02/5/2008 @ 5:54 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress Update: 2.3.3 — Affiliate und Online Marketing — 02/5/2008 @ 6:36 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Actualização do Wordpress 2.33 : Bloga-se - A arte do blogging em Português — 02/5/2008 @ 8:29 pm[...] byla objevena také v pluginu WP-Forum. Pokud jej používáte, vypn?te jej, dokud autor nepublikuje [...]
TechLog: » Bezpe?nostní update: WordPress 2.3.3 (a pozor na WP-Forum plugin) — 02/5/2008 @ 8:30 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Simon Lau » Wordpress 2.3.3 — 02/5/2008 @ 9:16 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Playing With Profits » WordPress 2.3.3 urgent security release — 02/5/2008 @ 10:16 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress 2.3.3 Available for Download | ???? — 02/5/2008 @ 10:22 pm[...] este patch también se hizo un llamado a todos los webmasters para dejar de usar justamente el plugin WP-Forum debido a que presenta un [...]
¡Ahora si! Nuevo foro de TodoLibre.net | TodoLibre.net — 02/5/2008 @ 10:27 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 - time to upgrade | aM i LoST ? — 02/5/2008 @ 11:11 pm@Cyneox
I tried the patch on WP2.3.2 and didn´t worked.
We can hardly read on this “track back spam” comments. Jeffro2pt0 man, at least if you are not going to use a easy to read theme separate at least your trackbacks from the normal posts.
http://www.dailyblogtips.com/s.....ress-blog/
Regards!
[Reply] Sabo (13 comments.) — 02/5/2008 @ 11:51 pm[...] y para los que usen el plugin WP-Forum, la recomendación es deshabilitarlo y borrarlo en espera de una nueva versión, ya que la actual [...]
2.3.3: WordPress lanza nueva actualización de seguridad - FayerWayer — 02/6/2008 @ 12:02 am[...] hay una vulnerabilidad in el plugin WP-Forum la cual esta siendo explotada activamente en este momento. Si tu estas usando este plugin, por [...]
WP-Forum Plugin - Vulnerabilidad en Wordpress | Stuckerboy — 02/6/2008 @ 1:04 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
July's Blog » Blog Archive » Wordpress 2.3.3 — 02/6/2008 @ 1:16 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Security Update On WordPress 2.3.3 at shahrul.com — 02/6/2008 @ 3:11 am[...] ???????wp-forum?????????????????????????????????????????????? [...]
??? » Blog Archive » WordPress 2.3.3 ??????? — 02/6/2008 @ 5:24 am[...] gibt es ein schwerwiegendes Sicherheitsproblem mit dem WP-Forum-Plugin. Solange es kein Sicherheitsupdate gibt, wird allen Benutzern dringend geraten das Plugin zu [...]
Blogalltag » Blog Archive » Tra Tra Tralala, das nächste Wordpress Update ist da — 02/6/2008 @ 5:30 am[...] it over your existing xmlrpc.php. Otherwise, you can get the entire release here. Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 :: Robotto — 02/6/2008 @ 6:06 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Wordpress » Wordpress 2.3.3 - Security fixes at weBLOG! do YOU? — 02/6/2008 @ 6:22 am@Sabo Hey there. I am a guest blogger for WeblogToolsCollection.com and do not own this domain or have full control over the display or functionality of this blog. This blog is owned by Mark Ghosh. If you have any comments regarding this blog, the articles or just want to tell him what you think, contact him via http://weblogtoolscollection.com/contact-me/
[...] otra notita, al parecer hay un a vulnerabilidad grave en el plugin WP-Forum asi que si lo tienes activo, mejor deshabilitarlo hasta nuevo [...]
WordPress 2.3.3 - Otra actualizacion de seguridad - Teufel Blog — 02/6/2008 @ 7:53 am[...] ada kelemahan di plugin WP-Forum yang saat ini sedang dieksploitasi secara aktif. Jika Anda menggunakan plugin ini, harap [...]
WordPress | Indonesia » WordPress 2.3.3 — 02/6/2008 @ 8:03 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Careylive | Carey’s BLOG » Wordpress 2.3.3??? — 02/6/2008 @ 8:16 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Am facut upgrade. — 02/6/2008 @ 9:22 amSabo, I do not agree that they need to be separated. We can take that discussion offline. Email me at mark at wltc dot net if you would like.
[Reply] Mark Ghosh (234 comments.) — 02/6/2008 @ 9:51 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
» Blog Archive » WordPress 2.3.3 is an urgent security release — 02/6/2008 @ 10:14 am[...] ???????wp-forum?????????????????????????????????????????????? [...]
WP????2.3.3 - Booto’Blog — 02/6/2008 @ 10:24 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 | Security News Media — 02/6/2008 @ 10:44 am[...] xmlrpc.php y corrige otros fallos considerados “menores”. Tambien nos avisa de una vulnerabilidad grave en el plugin WP-Forum, que está siendo explotada “a mansalva” y nos recomienda deshabilitar el plugin hasta que el autor corrija la mencionada [...]
Wordpress 2.3.3 actualización de seguridad. | Txoko Digital — 02/6/2008 @ 10:45 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Urgent Security Release: WordPress 2.3.3 | The Anti-Abuse Project (TAAP) — 02/6/2008 @ 11:05 am[...] en Wordpress se ah dado aviso de un bug en el plugin WP-Forum, el cual esta siendo sumamente explotado, por lo cual se recomienda desactivarlo hasta que el autor [...]
iVLabs » Blog Archive » Wordpress 2.3.3 disponible — 02/6/2008 @ 1:03 pm[...] Weblog Tools Collection reports a vulnerability in the WP-Forum WordPress Plugin. [...]
WordPress Wednesday News: WordPress 2.3.3 Security Must Upgrade, Plugins Vulnerable, Automatic Upgrades, and More : The Blog Herald — 02/6/2008 @ 1:16 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
20bmp.com » Blog Archive » Wordpress 2.3.3. availabla for download — 02/6/2008 @ 1:59 pm[...] it over your existing xmlrpc.php. Otherwise, you can get the entire release here. Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Download Wordpress 2.3.3 Upgrade — 02/6/2008 @ 3:41 pm[...] disso, existe uma vulnerabilidade no plugin WP-Fórum que está sendo ativamente explorada no momento. Se você estiver usando este plugin, por favor [...]
Eduardo Coelho » Blog Archive » Wordpress 2.3.3 — 02/6/2008 @ 8:27 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 Release — 02/7/2008 @ 12:01 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Download Wordpress 2.3.3 | Webmaster 4 You — 02/7/2008 @ 8:06 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
atualize seu wordpress para nova versão 2.3.3, correções de segurança! | gutocarvalho.net — 02/7/2008 @ 10:17 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
SecondVersion.com - WordPress 2.3.3 — 02/7/2008 @ 10:50 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Mise à jour 2.3.3 de Wordpress — Etan Online — 02/7/2008 @ 4:23 pm[...] un exploit que le han encontrado al plugin wp-forum, y que usamos en este blog, desactivo hasta tanto salga [...]
La Consola » Foro desactivado — 02/7/2008 @ 4:27 pm[...] foi informado que outro bug no plugin WP- Forum foi descoberto e está sendo explorado por hackers. A recomendação neste caso é remover o [...]
Falha em WordPress permite edição de posts « Ti@go Gomes — 02/7/2008 @ 9:05 pm[...] A few more things are worth mentioning here. First thing is that if you are currently using a vulnerability in the WP-Forum plug-in, make sure you remove it till further update is available from its author because this plug-in can [...]
Can People Earn Money Online? » Blog Archives » Upgrading to WordPress 2.3.3 Now - It is an urgent! — 02/8/2008 @ 4:08 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Duckeldannys Money Blog — 02/8/2008 @ 10:29 am[...] bara den uppdaterade xmlrpc.php filen. WordPress varnar också för att många med tillägget “WP-Forum plugin” är utsatta för säkerhetsluckor just nu, man bör avaktivera detta tills uppdateringar finns [...]
Marias Noteringar » Säkerhetsuppdatering i WP — 02/9/2008 @ 6:28 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Php Blog » Blog Archive » Wordpress - Version 2.3.3 — 02/9/2008 @ 5:49 pm[...] ????????????????WP-Forum????????WordPress????????????????????????????????????? [...]
ITinternals » Blog Archive » WordPress????WordPress 2.3.3 — 02/10/2008 @ 7:14 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
Syamsulariff.com » Wordpress 2.3.3 released — 02/11/2008 @ 3:30 am[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
TechieMinds » Blog Archive » Upgraded to WordPress 2.3.3 — 02/11/2008 @ 6:45 pm[...] Pelo menos descobri a causa: plugin do fórum. O fórum está offline por tempo indeterminado, até que o criador do plugin resolva o [...]
Java Short Messages Sender » Blog Archive » Site invadido? (DENOVO) — 02/13/2008 @ 3:44 pm[...] there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress Update : The Code Sniffer — 02/13/2008 @ 7:23 pm[...] it over your existing xmlrpc.php. Otherwise, you can get the entire release here. Also, there is a vulnerability in the WP-Forum plugin that is being actively exploited right now. If you are using this plugin, please remove it until an [...]
WordPress 2.3.3 | Fromtheold — 02/14/2008 @ 4:14 am[...] additional warning is issued regarding the WP Forum plugin which contains a vulnerability that is still actively exploited. If you’re running this plugin, it is strongly advised that [...]