| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 21 Nov 2009 23:25:19 +0200 From: "MustLive" <mustlive@...security.com.ua> To: <full-disclosure@...ts.grok.org.uk> Subject: Vulnerabilities in plugins for WordPress Hello Full-Disclosure! I want to tell you about different vulnerabilities in plugins for WordPress. About some of them there were posts to Bugtraq list earlier. This August I made a summary about all vulnerabilities in plugins for WordPress (http://websecurity.com.ua/3397/), which I found during 2006-2009. In this list 135 different vulnerabilities are mentioned in 20 plugins for WordPress. Including Cross-Site Scripting, Insufficient Anti-automation, Cross-Site Request Forgery, Directory Traversal, Arbitrary File Deletion, Denial of Service, Full path disclosure, Insufficient Authorization, Information Leakage, Abuse of Functionality, HTTP Response Splitting, SQL Injection and CRLF Injection vulnerabilities. Most posts mentioned in the list are on Ukrainian (so use Google Translate), but some of them are on English - posts from my Month of Bugs in Captchas (MoBiC) project, which I made in 2007. Take care of your plugins for WP and web sites which use them. Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists