Archive for 'Wordpress' Category

Oct 31 2007

WordPress Cross-Site Scripting

Published by under Security,Wordpress

Well, it’s time to update your WordPress installation to the latest release (2.3.1) if you haven’t done so yet. Janek Vind has posted a less critical cross-site scripting vulnerability that applies to version <2.3.0. Input passed to the ”posts_columns” parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. So this can […]

No Comments

Sep 30 2007

Malicious code insertion in WordPress

Published by under Security,Wordpress

I finally got around to upgrade to the latest WordPress (version 2.3) and I think it was highly needed due to that I’ve received unwanted comments posted to the blog from unregistered user. The vulnerabilities that have been reported in WordPress lets malicious users to conduct script insertion attacks and to conduct SQL injection attacks. […]

No Comments