
Hardened-PHP Project:
WordPress Vulnerability Advisories (XSS & Trackbacks)
January 05, 2007 @ 13:26:15

The Hardened-PHP Project has posted two new advisories today, both dealing with WordPress issues: one is an SQL injection reachable through the charset decoding of trackbacks (when PHP's mbstring extension is installed), the other a cross-site scripting vulnerability in the admin interface.

The first advisory notes that:

While testing WordPress it was discovered that WordPress supports trackbacks in different charsets when PHP's mbstring extension is installed. This feature can be abused to bypass WordPress's SQL parameter escaping which leads to an SQL injection vulnerability that can result in a compromise of the admin account and end in a server compromise.
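To make the ordering problem concrete, the following is an added PHP illustration of the bug class the advisory describes (escaping applied before charset conversion) beside the corrected order. It is not WordPress's code and not taken from the Hardened-PHP advisory. The advisory text above does not name a charset; the use of UTF-7, in which `+ACc-` decodes to an apostrophe, is an assumption made for the example, as are the function, table and column names.

```php
<?php
// Added example, not WordPress's code. Assumptions: UTF-7 as the
// attacker-chosen charset, and the hypothetical table/column names below.

/**
 * Vulnerable pattern: the value is escaped first (as a magic-quotes style
 * pre-escaping of request data would do) and only afterwards converted from
 * the charset the trackback client declared. Any quote character produced by
 * the conversion was never seen by the escaping step.
 */
function vulnerable_trackback_field(string $raw, string $charset): string
{
    $escaped = addslashes($raw);                 // no quote present yet: unchanged
    return mb_convert_encoding($escaped, 'UTF-8', $charset); // quote appears here
}

/**
 * Hardened pattern: convert first, then escape the bytes that will actually be
 * interpolated. (Rejecting charsets you do not expect, or binding the value as
 * a prepared-statement parameter, is the stronger fix; this keeps the same
 * addslashes() call so the difference in order is the only change.)
 */
function hardened_trackback_field(string $raw, string $charset): string
{
    $converted = mb_convert_encoding($raw, 'UTF-8', $charset);
    return addslashes($converted);               // the decoded quote is now escaped
}

/**
 * Hypothetical query builder using string interpolation, to show what reaches
 * the database. Real code should use a prepared statement instead.
 */
function build_insert(string $value): string
{
    return "INSERT INTO wp_comments (comment_content) VALUES ('" . $value . "')";
}

// Constructed attacker payload: "+ACc-" is the UTF-7 encoding of U+0027 (').
// The hyphen after "+ACc" closes the UTF-7 shift sequence; the remainder is
// passed through as plain ASCII by the decoder.
$payload = "+ACc-); DROP TABLE wp_comments; -- ";
$charset = 'UTF-7';

// Escaped-then-converted: the apostrophe materialises after addslashes() ran,
// so the string literal is terminated and the rest is interpreted as SQL.
echo build_insert(vulnerable_trackback_field($payload, $charset)), "\n";

// Converted-then-escaped: the apostrophe is backslash-escaped and the whole
// payload stays inside the string literal.
echo build_insert(hardened_trackback_field($payload, $charset)), "\n";
```

Run it with `php example.php` on a build that has mbstring enabled; the two printed statements differ only in whether the decoded apostrophe carries a backslash. The general lesson is that any transformation that can create or remove bytes (charset conversion, URL or HTML entity decoding, normalisation) must run before escaping, and that escaping is only a stopgap for parameter binding.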

The second advisory talks about a problem with the WordPress admin interface that leaves it open to cross-site scripting issues.

The WordPress group has already released an updated version to resolve both of these issues. It is highly recommended that you update your installation immediately to prevent exploitation of either of these vulnerabilities.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework