6 days after Wordpress 2.2 release, Janek Vind has discovered a SQL injection vulnerability in WordPress 2.1.3, which can be exploited to conduct SQL injection attacks.

I reviewed the number of security vulnerabilities published for the major blogging platforms in the past year (May 2006 – May 2007) . The numbers are high, especially for the open source products (Wordpress, Drupal).

David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3).