July’s round-up of WordPress security threats. If you run one of these plugins, make sure you’ve updated to a version that fixes the vulnerability, or disable the plugin immediately.
If you feel you may have been hacked, use the Sucuri free scan tool.
- WordPress and Server Hardening – Taking Security to Another Level
- Fake jQuery Website Serving Redirection Malware
Packet Storm Coverage
- JW Player / SVFP / Poodll / RokBox Cross Site Scripting
- WordPress Front End Upload 0.5.4.4 Shell Upload
- WordPress Chenpress Shell Upload
- WordPress Cimy User Extra Fields 2.3.7 Shell Upload
- WordPress Count Per Day 3.1.1 Cross Site Scripting
- Site5 WordPress Theme Email Spoofing
- WordPress Resume Submissions / Job Postings 2.5.1 Shell Upload
- WordPress Generic Plugin Shell Upload
- WordPress WP-Predict 1.0 Blind SQL Injection
- WordPress MoodThingy Widget 0.9.7 SQL Injection
- WordPress Flexiweb-Form Shell Upload
WordPress Security Analysis – Jul/2012
Overall, July was a fairly quiet month, not nearly as bad as Jun/2012.