August’s round-up of WordPress security threats. If you use any of the plugins or themes listed below, make sure you’ve updated to a version in which the vulnerability is fixed, or disable the plugin immediately.
If you feel you may have been hacked, use the Sucuri free scan tool.
Sucuri Coverage
- WordPress Security – Cutting Through The BS
- The Password Dilemma – Unique and Complex is the Key
- WordPress Security Presentation (in Portuguese)
- WordPress Pluggable.php Being Compromised
Packet Storm Coverage
- WordPress BBPress SQL Injection / Path Disclosure
- WordPress NextGen Cu3er Gallery Information Disclosure
- WordPress HD Webplayer 1.1 SQL Injection
- WordPress Cloudsafe365 Local File Inclusion
- WordPress Simple Forum Shell Upload
- WordPress Finder Cross Site Scripting
- WordPress Count Per Day 3.2.3 Cross Site Scripting
- WordPress Monsters Editor Shell Upload
- WordPress Rich Widget File Upload
- WordPress SEM WYSIWYG Arbitrary File Upload
- ShopperPress WordPress Theme 2.7 Cross Site Scripting
- ShopperPress WordPress Theme 2.7 SQL Injection
- WordPress Mz-Jajak 2.1 SQL Injection
- WordPress Quick Post Widget 1.9.1 Cross Site Scripting
- WordPress Easy Comment Uploads Shell Upload
- WordPress G-Lock Double Opt-in Manager 2.6.2 SQL Injection
WordPress Security Analysis – Aug/2012
August was a busy month for security alerts. Sucuri had a few important WordPress-related things to say as well.
WordPress Security Presentation
As an added bonus this month, I’m including Tony Perez’s WordPress security presentation, which he recently gave at WordCamp Chicago.
via Packet Storm and the Sucuri Research Blog
Jonathan Dingman is a passionate blogger who loves writing about WordPress news, reporting on events, theme releases, awesome plugins, and more. He started using WordPress in 2004 and ran the first WordCamp NYC in 2008.