Date: Mon, 14 Feb 2011 20:46:31 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Security of themes for WordPress

Hello participants of Mailing List.

In 2009 I already told you about the security of plugins for WordPress
(http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071553.html).
Since that time I've updated that list of vulnerable plugins. And now
I'll tell you about different vulnerabilities in themes for WordPress.

Similarly to plugins, themes for WordPress also have vulnerabilities. Last
week in my post "Security of themes for WordPress"
(http://websecurity.com.ua/4915/) I made a summary of all vulnerabilities
in themes for WP which I found during 2007-2011.

In this list, multiple vulnerabilities in 93 themes for WordPress are
mentioned, including Cross-Site Scripting, Full path disclosure, Abuse of
Functionality and Denial of Service vulnerabilities.

So take care of your themes (as well as your plugins) for WordPress and of
the web sites which use them.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
