S@BUN is at it again, this time, reporting multiple SQL Injection Vulnerabilities within the Photo Album plugin for WordPress. According to the security bulletin: Multiple vulnerabilities have been identified in Photo Album (plugin for WordPress), which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the “wppa.php” script when passing user-supplied parameters (e.g. “photo” or “album”) to certain functions (e.g. “wppa_album_name()” or “wppa_photo_name()”), which could be exploited by malicious people to conduct SQL injection attacks. Multiple security advisory services places this round of vulnerabilities as a Moderate Risk. For example, FrSIRT describes the Moderate risk as being: Remotely and locally exploitable flaws, which could lead to denial of Service or privilege escalation. Versions 1.1 and prior of this plugin are vulnerable. As always, it is recommended that you disable this plugin until a patch for it is released. [EDIT] […]
[Continue Reading...]
Archive for February, 2008
Two Column Themes Dayvan Dayvan is a two column theme which makes use of the brown color for its links. The theme is simple yet quite aesthetic. It comes pre-packaged with plugins such as meta image, SRG clean archives and ultimate tag warrior. Demo | Release Page | Download HipHop The theme is based on the popular genre of music and includes multiple colors and a cool logo in the header. The content area is small though and cannot fit in big images. Demo | Release Page | Download Photoshopfox Photoshopfox is a two column AdSense ready theme which makes use of bright colors. The sidebar looks attractive and can hold different types of advertisements including 125 x 125 banners. Demo | Release Page | Download The Wind Cries Mary This is a two column theme with a feminine touch. The theme makes use of attractive images in the background […]
[Continue Reading...]FeedBurner Quietly Kills All-Time RSS Feed Stats: I know I have looked at my all time feed stats in the past but since it would take forever to generate and timed out the last time I tried it, I am not sure this is a big loss for me. However, worthy of note is the fact that FeedBurner has languished quite a bit since being purchased by Google and they seem to have rested their laurels after making the Pro features free for everyone. In all honesty, I am quite satisfied with their (now free) service, their uptime record (knock on wood) and their feature set, so I am not as peeved about their lack of updates or lack of new features. [EDIT] FeedBurner claims the lack of all time feed stats were unintentional and things are or should be back to normal soon. Now we might never know what […]
[Continue Reading...]Cinch is a very easy way for a blogger to create interesting Podcasts with no equipment of any kind except for a phone. Follow the instructions below (or as on their website) to test it out quickly for yourself. Call (646) 200-0000 from any phone (You have to know the number/callerID of this phone, Skype would probably not work) Thats it! BlogTalkRadio puts out a podcast feed with an MP3 at a pre-defined URI. Just visit http://cinch.blogtalkradio.com/number_you_called_from (replace number_you_called_from with your phone number) Use some sort of a plugin for WordPress to import the said feed into your blog and you be podcastin’! The only major drawback I see is the phone number at the end of the RSS URI. Since this would probably be exposed over the web, if I were concerned about my phone number, this method would not work for me. However if you import the RSS […]
[Continue Reading...]WordPress.com as OpenCourseWare: Link to and discussion of using WordPress.com and consequently WordPress, as a platform for low cost, highly searchable and taggable OpenCourseWare type applications. The example blog is about blogs, wikis and such and might be an interesting read by itself. I have personally used the various iteration of educational CMSs such as WebBoard and WebCT and they have left enough to be desired that I have come running back to my beloved WordPress and bbPress to setup private blogs and forums for use by my classmates. Thanksgoes out to the work done by various educators around the world who are making good use of WordPress and thanks to Stephen for the news.
[Continue Reading...]Carrie Hill and Mary Bowling of Blizzard Internet Marketing has released a WordPess SEO Whitepaper that is available for free in PDF form. The white paper goes over the usual suspects such as the use of pretty permalinks, SEO Plugins and socializing your blog. The whitepaper also gives quite a few tips and tricks to help configure your WordPress powered blog so that it is SEO friendly from the get-go. This is an excellent read for those that are brand new to WordPress or for those curious to know what they could do to improve the SEO on their own blogs. If you happen to download and read the PDF file, let us know what you think of the information.
[Continue Reading...]I needed a *quick* and *simple* method to embed YouTube videos into my posts and wrote a small plugin to do just that. This way you do not need to find the embed code from YouTube or do anything special. You just copy the URI of the YouTube video and paste it into the body of your post. This has been tested with 2.3.x and 2.2.x and it works on both. I can add other video and media embed ability if there is request or demand. Installation is simple. Download the zip file, unzip, copy to your wp-content/plugins directory and enable. Then test by copying and pasting a YouTube URI into a post and publishing it. Thats it! Download Plugin: Embedify 1.02 (update) Please leave comments, feedback and requests. [EDIT] Please do not do anything with the URI. If you align it or make a clickable link out of it, […]
[Continue Reading...]The link to the demo has been restored 2.5 Demo Site Chris has reassured me that he has taken the proper steps to ensure that redirects and the changing of the admin username and password will not happen anymore. If you see otherwise, please let us know. Chris Johnston has announced the availability of a public WordPress 2.5 demo site. This site will house the most up to date version of WordPress 2.5 prior to its release in March. This is particularly useful to those who do not wish to setup an SVN install of WordPress on their local machine or web server. Feel free to play around within the administration panel as the database is reset with default information every hour. The login credentials for the demo are as follows: The username is admin and the password is demo. I want to personally extend a thanks to Chris for […]
[Continue Reading...]One Column Themes LaunchPad Many a times you may buy a new domain but may not have the time to launch the new blog immediately. The LaunchPad theme acts as a domain parking theme so that you can show a customized message to readers till you are ready to launch the blog. Demo | Release Page | Download Stripped Stripped is a one column theme with three sidebars in the footer area. The theme is simple and is available in multiple colors such as blue, pink, green, red, orange and purple. The author meta for the post features to the left side of the post. Demo | Release Page | Download Two Column Themes Be Mine Be Mine is a two column WordPress theme specially made for Valentine’s. The theme is available in one column and two columns in different colors such as pink, blue, purple and green. Release Page […]
[Continue Reading...]About the Author
- Jeff Chandler
Categories
- bbpress
- Best of WordPress
- Blog Templates Blog Skins Blog Themes
- Blogging
- Blogging Essays
- Blogging News
- brainstorming
- buddypress
- Business of Blogging
- CMS
- Code
- Cold Fusion
- Community Interviews
- Cool Scripts
- General
- HOW-TO
- LinkyLoo
- Movable Type Plugins
- Photolog Script
- Podcasting
- QuickLinking
- Spam
- SXSW
- TLA
- Tutorials
- User Reviews
- Web Design
- Web Ethics
- Weblog Add-Ons
- Weblog tools blog tools blogging tools
- Weekly Plugin Review
- WLTC Community
- wordcamp
- WordPress
- WordPress Discussions
- WordPress FAQs
- Wordpress for Beginners
- WordPress Hack
- WordPress News
- WordPress Plugin Competition
- WordPress Plugins
- WordPress Polls
- WordPress Security
- WordPress Templates WordPress Skins WordPress Themes
- WordPress Tips
- WordPress Tools
- WordPress Troubleshooting
- WordPress Weekly
- WordPress Widgets
- WordPress WishList
- XHTML Tips
Obviously Powered by WordPress. © 2003-2013
