2 Plugin Security Bulletins
NBBN has discovered several cross-site scripting vulnerabilities in the WP-Footnotes plugin version 2.2 for WordPress.
Input passed to the “pre_footnotes”, “priority”, “post_footnotes”, and “style_rules” array elements of the “wp_footnotes_current_settings[]” array in the admin_panel.php script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site.
The good news this time around is that ‘register_globals’ must be turned on for exploitation to occur. If you are using this plugin on your site, it is advised that you disable the plugin until a security patch has been released. According to the security bulletin, the solution is to edit the plugin source code to ensure that input is properly sanitised.
Again, if you know that your web server has register_globals turned off, you are in the clear.
S@BUN has reported an “id”-based SQL injection vulnerability in the WordsPew plugin version 3.x for WordPress.
Input passed to the “id” parameter in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The solution, again, is to edit the plugin source code to make sure that input is sanitised.
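What the two fixes look like in practice, as an added example that is not code from WP-Footnotes or WordsPew: the field names come from the bulletins above, while the form markup, the shoutbox table name and the function names are assumed, and the helpers are the current WordPress sanitising and prepared-query API.

```php
<?php
// Added example, not the plugins' own code. Field names are from the
// bulletins; markup, table name and function names are assumptions.

// 1. WP-Footnotes case: settings are echoed back into the admin form.
//    Sanitise on the way in, escape on the way out, and read only from
//    $_POST, never from a bare global (register_globals would let an
//    attacker-controlled global stand in for the settings array).
function wpfn_sanitize_settings( array $raw ) {
    $defaults = array(
        'pre_footnotes'  => '',
        'post_footnotes' => '',
        'style_rules'    => '',
        'priority'       => 10,
    );
    $clean = array();
    foreach ( $defaults as $key => $default ) {
        $value = isset( $raw[ $key ] ) ? $raw[ $key ] : $default;
        // "priority" is numeric; the other three are plain text.
        $clean[ $key ] = ( 'priority' === $key )
            ? absint( $value )
            : sanitize_text_field( wp_unslash( $value ) );
    }
    return $clean;
}

function wpfn_render_field( $key, array $settings ) {
    // esc_attr() keeps a stored value from breaking out of the attribute,
    // so nothing the user saved can become markup or script.
    printf(
        '<input type="text" name="wp_footnotes_current_settings[%s]" value="%s" />',
        esc_attr( $key ),
        esc_attr( $settings[ $key ] )
    );
}

// 2. WordsPew case: an untrusted "id" is used in a SQL query.
//    Cast to an integer and bind it with a prepared statement.
function wsp_get_shout( $id ) {
    global $wpdb;
    $id = absint( $id );
    if ( 0 === $id ) {
        return null; // not a usable record id, so do not query at all
    }
    return $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}shoutbox WHERE id = %d", $id )
    );
}
```

Call wpfn_sanitize_settings( $_POST['wp_footnotes_current_settings'] ) before update_option(), and route every read of the “id” parameter through wsp_get_shout().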
Tadd (88 comments.) — 02/7/2008 @ 11:25 am
As always, thanks for the information and heads up!
[Reply]

KirkM (1 comments.) — 02/7/2008 @ 11:37 am
These security alerts are excellent, just what was needed, and thanks for taking the time to find this info out and post it for all to read!
Things are really coming together in the WordPress community, are they not?
[Reply]

chaoskaizer (60 comments.) — 02/7/2008 @ 11:53 am
I agree with KirkM ↑, somebody should start monitoring WP-related security “consistently”. Thanks for the notes, Jeff.
[Reply]

Power (6 comments.) — 02/7/2008 @ 12:06 pm
Thanks for the advice =), as always good info.
[Reply]

Playmobils Estropiés & Associés » Blog Archive » Security flaw: beware of Pierre's shoutbox (wordsprew), SQL injection danger — 02/7/2008 @ 7:11 pm
[...] worth noting that this morning I also read the announcement of this flaw. [...]

Len — 02/8/2008 @ 1:19 am
@chaoskaizer - Several sites already do. The ones I follow are:
http://blogsecurity.net
http://www.securityfocus.com
http://www.milw0rm.com
With MilwOrm just type ‘WordPress’ in the search box.
[Reply]

Le Blog de Pierre » Blog Archive » AJAX Shoutbox (with sound alert, who’s online and without spam) — 02/8/2008 @ 5:46 am
[...] possibility of a SQL injection in the wordspew-rss.php file. Thanks to Jérôme, who informed me, and S@BUN, who discovered the bug (but did not alert me). Have a try on it and give me some feedback please [...]

???????? » ?????????????????????????????????? — 02/8/2008 @ 10:25 am
[...] WP-Footnotes (Weblog Tools Collection » Blog Archive » 2 Plugin Security Bulletins??) [...]

Updates at Misstuned » Blog Archive » Deactivated WP Footnotes — 02/14/2008 @ 12:26 am
[...] reading this, Mari deactivated the plugin WP Footnotes on both blogs that were running it, Mt and Mt’s [...]

WordPress Wednesday News: WordPress 2.5 News, Colleges and Schools Love WordPressMU, Viddler Meets WordPress, Theme Buyers Beware, Columns in Blog Posts, Feeds Without Plugins : The Blog Herald — 02/20/2008 @ 7:57 pm
[...] Weblog Tools Collection announces two plugin security issues with WP-Footnotes and WordSpew AJAX Shoutbox. [...]