Posts Tagged ‘exploit’

WordPress Search Based DOS Attack

27
responses
by
on
January 1st, 2010
in
WordPress Security

I was notified on Twitter the other day that there was a new 0 Day denial of service exploit for WordPress. When asking on Twitter if it worked, numerous people replied that the published code did work and was taking down their sites. This raised some red flags for me so I jumped into the WordPress-Dev IRC channel to figure out what was going on. The way this denial of service attack works is that a random search string is sent to the search form of a WordPress based website. Caching plugins do not work against this because the search string is randomized. It’s quite simple but what I’ve been told is that this is not an issue for WordPress to handle. Instead, this attack should be dealt with by the webhost on a firewall level. At one point, a ticket was created by Scribu but has since been closed […]

[Continue Reading...]

Comment Remix Security Bulletin

8
responses
by
on
November 1st, 2008
in
WordPress Plugins, WordPress Security

Normally, we usually keep a maximum of two posts a day that are published on WeblogTooolsCollection as a means of keeping your dashboard from being overcome by us. However, considering that the following security bulletin has been published concerning the plugin (WP Comment Remix) and it won the WeblogToolsCollection plugin competition, I felt it was important to pass along this security bulletin to you. According to the bulletin that was published by Chxsecurity.org version 1.4.3 contains the following vulnerabilities: SQL Injection: caused by unsanitized variable ā€œpā€ in the ajax_comments.php file. Cross Site Scripting: This affects authenticated and unauthenticated users. Cross Site Request Forgery: the form generated through wpcr_do_options_page lacks the WordPress wp_nonce security function. These vulnerabilities are considered HIGH risks however, the latest version (1.4.4) apparently addresses these issues. If you are using this plugin on your blog, be sure to upgrade it to the latest version.

[Continue Reading...]

Vulnerable WordPress Blogs Not Being Indexed

57
responses

Vulnerable WordPress Blogs Not Being Indexed: Technorati has decided to not index vulnerable and exploited WordPress blogs. This comes after the recent spat of hacks that were discovered on various high profile blogs and websites. What was even more interesting was the fact that some of these hacks and exploitations might have come from covert and encrypted code hidden in various themes available for free over the web. The moral of this story is that you need to upgrade your WordPress blog now to WordPress 2.5. Just so that everyone is aware, WordPress 2.5 is the latest stable version and this should be the version that everyone should upgrade to. Any older versions leaves you vulnerable. [EDIT] As mentioned on the legacy 2.0 page, WordPress 2.0.11 is the latest stable download with all the latest security fixes for the 2.0 branch. However, WordPress 2.5 is still the latest and the […]

[Continue Reading...]



Obviously Powered by WordPress. © 2003-2013

page counter
css.php