Open Source and information security mailing list archives
Date: Mon, 14 Feb 2011 20:46:31 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Security of themes for WordPress

Hello participants of Mailing List.

In 2009 I already told you about security of plugins for WordPress
(http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071553.html).
And from that time I've updated that list of vulnerable plugins. And now
I'll tell you about different vulnerabilities in themes for WordPress.

Similarly to plugins, themes for WordPress also have vulnerabilities. Last
week in my post Security of themes for WordPress
(http://websecurity.com.ua/4915/) I made a summary of all vulnerabilities
in themes for WP which I found during 2007-2011.

In this list multiple vulnerabilities in 93 themes for WordPress are
mentioned, including Cross-Site Scripting, Full path disclosure, Abuse of
Functionality and Denial of Service vulnerabilities.

So take care of your themes (as of your plugins) for WordPress and web sites
which use them.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/