Comment Rating Plugin Fixes Security Vulnerability

Jeff Chandler — Wed, 08 Dec 2010 20:00:30 +0000

If you use the Comment Rating plugin for your WordPress powered site, you are highly encouraged to upgrade to the latest version as it fixes a security vulnerability. More specifically, a Cross-site Request Forgery attack. According to the report at OSVDB.org which is an Open Source Vulnerability Database:

The flaw exists because the application does not require multiple steps or explicit confirmation for unspecified sensitive transactions for the admin function. By using a crafted URL (e.g., a crafted GET request inside an “img” tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

There is no known workaround for versions lower than 2.9.21. Kudos goes to KrebsOnSecurity for reporting the flaw and to bobking who quickly published a new version with the patch.

What Are Your Theme Standards?

Jeff Chandler — Mon, 18 May 2009 20:30:02 +0000

On a thread within the WPTavern forum, there is an interesting discussion taking place among some prominent theme authors on creating a theme standards system. The initial idea is to create a standards system which would give theme authors a goal to shoot for. However, as the discussion has progressed, it’s easy to see that this entire idea of rating themes or putting together a set of standards is a complex problem.

So after reading through that thread, I thought it would be a good idea to tap into the WordPress community to figure out what is most important to you when it comes to using a theme? Is it price, license, design, usability, functionality, or something else?

Weblog Tools Collection » rating

Comment Rating Plugin Fixes Security Vulnerability

What Are Your Theme Standards?