User:Bentrem/Security « WordPress Codex

Security - Exploits, KB, and Tickets

This page in response to *cough* a comment at the head of TRAC ticked #4973 (closed 5 months ago):

From: Daniel Cuthbert <daniel.cuthbert@owasp.org>

Date: Sep 13, 2007 3:05 PM
Subject: [WEB SECURITY] When the community takes action
To: websecurity@webappsec.org

Sigh, another Wordpress exploit and issue, no shock there!
http://milw0rm.com/exploits/4397

Wordpress has a massive user-base, and it seems that the developers have little, or no, concept of any SDLC or basic secure development as every new release is met by a serious remote vulnerability that allows attackers to compromise the host blog in some form or manner.
In an ideal world, we'd see the lead developers saying they need help and asking the community for that help, but what happens when they don't?
I'm not saying become vigilantes or something, but something should be done to help projects like Wordpress act in a more socially responsible way.

Thoughts?"

from SecurityFocus.com: Search Results for: wordpress
Secunia Vulnerability Reports: WordPress 2.x and WordPress MU 1.x
MiLw0rM - Search for WordPress to find such as "Wordpress Multiple Versions Pwnpress Exploitation Tookit" *blink*

Historical Interest

MiLw0rM:
- "Wordpress 2.2 (xmlrpc.php) Remote SQL Injection Exploit"
- "Wordpress 2.1.2 (xmlrpc) Remote SQL Injection Exploit"
"Wordpress Script Insertion and SQL Injection Vulnerabilities" aka "Remote SQL Injection in WordPress and WordPress MU":
- "WordPress 2.2.2 and MU 1.2.4 - Alexander Concha <alex at buayacorp dot com> (Public Disclosure 10SEP07)
- Secunia Advisory: SA26771 - (Last Update:18SEP07)

--bentrem 21:51, 4 February 2008 (UTC)

Codex

User:Bentrem/Security

Security - Exploits, KB, and Tickets

Historical Interest

Codex Resources