October’s round-up of WordPress security threats. If you run one of the plugins listed below, make sure you have updated to a release in which the vulnerability is fixed; if no fixed release exists yet, disable the plugin immediately.
- Is WordPress.com SPAM Campaign Due to Compromise?
- Dealing with WordPress Malware
- WordPress Themes: XSS Vulnerabilities and Secure Coding Practices
Packet Storm Coverage
- WordPress FoxyPress 0.4.2.5 XSS / CSRF / SQL Injection
- WordPress Easy Webinar Blind SQL Injection
- WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
- WordPress Wordfence Security 3.3.5 Cross Site Scripting
- WordPress Social Discussions 6.1.1 File Inclusion / Path Disclosure
- WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure
- WordPress Abtest Directory Traversal
- WordPress Shopp 1.0.17 XSS / Shell Upload / Disclosure
- WordPress Remote Command Execution
- WordPress Spider 1.0.1 SQL Injection / XSS
- WordPress Themes Book Cross Site Scripting
- DM FileManager Remote File Inclusion
- WordPress Akismet Cross Site Scripting
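As an added example (not code from the original post or from any of the plugin authors), here is a small audit script that checks an install against the advisory list above. It reads the JSON that WP-CLI emits for `wp plugin list --format=json --fields=name,status,update,version` and reports, per matching plugin, whether to update, deactivate, remove or verify by hand. The name keys are taken from the advisory titles and matched loosely against plugin slugs, and the rule "a version at or below the one in the title is affected, anything later is fixed" is an assumption: confirm it against each advisory before trusting "update" alone. The embedded plugin list is constructed sample data.

```python
"""Audit a WordPress install against the plugin advisories listed above.

Added example, not code from the original post or from any plugin vendor.
Input is the JSON produced by WP-CLI:
    wp plugin list --format=json --fields=name,status,update,version
(those fields and the "available"/"none" values of `update` are WP-CLI's own).
"""
import json
import subprocess
from typing import Dict, List, Tuple

# Plugin names and versions as they appear in the advisory titles above.
# ASSUMPTION: an installed version at or below the listed one is affected and
# any later release is fixed. Confirm that against each advisory; the title
# names the version that was tested, not necessarily the last vulnerable one.
# An empty version means the title gave none, so every install gets checked.
ADVISORIES: Dict[str, str] = {
    "foxypress": "0.4.2.5",
    "wordfence": "3.3.5",
    "social discussions": "6.1.1",
    "slideshow": "2.1.12",
    "shopp": "1.0.17",
    "spider": "1.0.1",
    "akismet": "",
    "easy webinar": "",
    "grand flash album gallery": "",
    "abtest": "",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """'0.4.2.5' -> (0, 4, 2, 5); non-numeric suffixes such as '-beta' are ignored."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def normalise(name: str) -> str:
    # WP-CLI reports the plugin slug (e.g. "social-discussions"); compare loosely.
    return name.lower().replace("-", " ").replace("_", " ")


def audit(plugins: List[dict], advisories: Dict[str, str] = ADVISORIES) -> List[dict]:
    """Return one finding per installed plugin that matches an advisory."""
    findings = []
    for plugin in plugins:
        name = normalise(plugin.get("name", ""))
        installed = plugin.get("version", "0")
        for key, last_vulnerable in advisories.items():
            if normalise(key) not in name:
                continue
            if last_vulnerable and parse_version(installed) > parse_version(last_vulnerable):
                continue  # newer than the advisory version (see ASSUMPTION above)
            if plugin.get("update") == "available":
                action = "update"
            elif not last_vulnerable:
                action = "verify"      # no version in the title; check the advisory by hand
            elif plugin.get("status") == "active":
                action = "deactivate"  # vulnerable and no fix offered: disable now
            else:
                action = "remove"      # inactive plugin files are still reachable on disk
            findings.append({"name": plugin["name"], "version": installed, "action": action})
            break
    return findings


def audit_json(raw: str) -> List[dict]:
    return audit(json.loads(raw))


def audit_live() -> List[dict]:
    """Run WP-CLI in the current WordPress root (requires `wp` on PATH)."""
    out = subprocess.check_output(
        ["wp", "plugin", "list", "--format=json", "--fields=name,status,update,version"])
    return audit_json(out.decode())


# Constructed sample, standing in for real WP-CLI output.
SAMPLE_WP_PLUGIN_LIST = json.dumps([
    {"name": "akismet",     "status": "active",   "update": "available", "version": "2.5.6"},
    {"name": "wordfence",   "status": "active",   "update": "none",      "version": "3.3.5"},
    {"name": "foxypress",   "status": "inactive", "update": "none",      "version": "0.4.2.5"},
    {"name": "shopp",       "status": "active",   "update": "none",      "version": "1.2.0"},
    {"name": "hello-dolly", "status": "active",   "update": "none",      "version": "1.6"},
])

if __name__ == "__main__":
    for f in audit_json(SAMPLE_WP_PLUGIN_LIST):
        print(f"{f['action']:<10} {f['name']} {f['version']}")
```

On the sample data this flags Akismet for update (a newer release is offered), Wordfence 3.3.5 for deactivation (at the advisory version, no update available) and the inactive FoxyPress 0.4.2.5 for removal, while Shopp 1.2.0 and Hello Dolly are left alone. Deactivating is not the same as removing: a deactivated plugin's PHP files can still be requested directly, so a vulnerable plugin you no longer need should be deleted rather than merely switched off.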
WordPress Security Analysis – Oct/2012
While October didn’t bring nearly as many security threats as previous months, two of the affected plugins deserve particular attention: Akismet and Wordfence.
Akismet is a widely used plugin, developed by the great folks at Automattic, and you should certainly make sure you stay up to date with the latest version.
Wordfence is itself a WordPress security plugin, and one we recommended in our “Has your WordPress Blog Been Hacked?” post. A flaw in a plugin installed to protect a site is a reminder that security plugins need patching like any other, so make sure you stay up to date.