post-page

2 Plugin Security Bulletins

10
responses
by
 
on
February 7th, 2008
in
WordPress Plugins, WordPress Security

NBBN has discovered some cross site scripting vulnerabilities for the WP-Footnotes plugin version 2.2 for WordPress.

Input passed to the “pre_footnotes”, “priority”, “post_footnotes”, and “style_rules” array elements in the “wp_footnotes_current_settings[]” array in the admin_panel.php script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

The good news this time around is that, ‘register_globals‘ must be turned on for exploitation to occur. If you are using this plugin on your site, it is advised that you disable the plugin until a security patch has been released. According to the security bulletin, the solution is to edit the plugin source code to ensure that input is properly sanitized.

Again, if you know that your webserver has register_globals turned off, you are in the clear.

S@BUN has reported an “id” based SQL injection vulnerability within the WordsPew plugin version 3.x for WordPress.

Input passed to the parameter “id” in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The solution again is to edit the source code of the plugin to make sure that input is sanitized.

heading
10
Responses

 

Comments

  1. Tadd (89 comments.) says:

    As always, thanks for the information and heads up!

  2. KirkM (1 comments.) says:

    These security alerts are excellent, just what was needed and thanks for taking the time to find this info out and posting for all to read!

    Things are really coming to together in the WordPress community are they not?

  3. chaoskaizer (62 comments.) says:

    I agree with KirkM ↑ , somebody should start monitoring wp-related security “consistently”. thanks for the notes jeff

  4. Power (6 comments.) says:

    Tnx, for the advise =), as always good info.

  5. Len says:

    @chaoskaizer – Several sites already do. The ones I follow are,
    http://blogsecurity.net
    http://www.securityfocus.com
    http://www.milw0rm.com

    With MilwOrm just type ‘WordPress’ in the search box.



Trackbacks/Pingbacks

  1. [...] possibility of a SQL injection in the wordspew-rss.php file. Thanks to Jérôme who informs me and S@BUN who discover the bug (but to not alert me ) Have a try on it and give me some feedback please [...]

  2. [...] WP-Footnotes (Weblog Tools Collection » Blog Archive » 2 Plugin Security Bulletins??) [...]

  3. [...] reading this, Mari deactivated the plugin WP Footnotes on both blogs that were running it, Mt and Mt’s [...]

Obviously Powered by WordPress. © 2003-2013

page counter
css.php