Normally, we usually keep a maximum of two posts a day that are published on WeblogTooolsCollection as a means of keeping your dashboard from being overcome by us. However, considering that the following security bulletin has been published concerning the plugin (WP Comment Remix) and it won the WeblogToolsCollection plugin competition, I felt it was important to pass along this security bulletin to you.
According to the bulletin that was published by Chxsecurity.org version 1.4.3 contains the following vulnerabilities:
- SQL Injection: caused by unsanitized variable “p” in the ajax_comments.php file.
- Cross Site Scripting: This affects authenticated and unauthenticated users.
- Cross Site Request Forgery: the form generated through wpcr_do_options_page lacks the WordPress wp_nonce security function.
These vulnerabilities are considered HIGH risks however, the latest version (1.4.4) apparently addresses these issues. If you are using this plugin on your blog, be sure to upgrade it to the latest version.