Posts Tagged ‘vulnerability’

Comment Rating Plugin Fixes Security Vulnerability

No
responses
by
on
December 8th, 2010
in
WordPress Security

If you use the Comment Rating plugin for your WordPress powered site, you are highly encouraged to upgrade to the latest version as it fixes a security vulnerability. More specifically, a Cross-site Request Forgery attack. According to the report at OSVDB.org which is an Open Source Vulnerability Database: The flaw exists because the application does not require multiple steps or explicit confirmation for unspecified sensitive transactions for the admin function. By using a crafted URL (e.g., a crafted GET request inside an “img” tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. There is no known workaround for versions lower than 2.9.21. Kudos goes to KrebsOnSecurity for reporting […]

[Continue Reading...]

The Correct Way To Report A Security Issue With WordPress

25
responses
by
on
August 12th, 2009
in
WordPress Security

If you don’t know by now, WordPress 2.8.4 has hit the public and it addresses a mild but hugely annoying issue. There was no advanced warning regarding the vulnerability but it was quickly patched in the core of WordPress for the next release. Unfortunately, word quickly spread and in fact, even my site WPTavern.com was affected by the problem as I received an email letting me know what my new password was even though I didn’t request one. Here are the details regarding the annoyance: a specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner. This doesn’t allow remote access, but it is […]

[Continue Reading...]

Multiple Mozilla Products Vulnerabilities

1
response
by
on
April 14th, 2006
in
General

Multiple Mozilla Products Vulnerabilities If you have not upgraded your Mozilla Products already, it might be high time to do so. Vulnerable products include Firefox 1.5, Thunderbird 1.5, Mozilla Suite 1.7 and Seamonkey 1.0

[Continue Reading...]



Obviously Powered by WordPress. © 2003-2013

page counter
css.php