WordPress 2.1.3 Akismet Vulnerability
David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3).
Given the large install base of the WordPress blogging platform, I imagine that this vulnerability will be massively exploited in the following days or weeks.
Securityfocus.com has more details on this issue, as well as a presumably functional exploit.
The vendor has issued a new version (2.0.2) which fixes the problems. Because I couldn’t find an extensive description of the bug, I tracked the SVN commit log and this is the code that changed between release 12811 and 12812:
If you are using this plugin (a very useful plugin, I might say), you are advised to either install the latest version or disable it in the WordPress plugins section.
This entry was posted on Tuesday, May 15th, 2007 and is filed under Vulnerabilities, Web Applications.


May 18th, 2007 10:31
[…] from WordPress' latest Akismet vulnerability, I was thinking of the impact that blogs have already made in the way we use the internet […]