
Security Holes in WordPress Blogging Tool

Last Updated: January 4, 2010


WordPress, a leading free blogging application, has security vulnerabilities. Certain scripts in WordPress do not properly validate their input, leaving them open to cross-site scripting (XSS) attacks. In plain English, this leaves the WordPress software open to third parties, allowing them to insert their own content.

What this means for the blogger is that someone could take over and post links while posing as the site owner. Unsuspecting readers may follow the links, which may contain exploits, spyware, trojans, or any other malicious program.

"Nearly every file in the administration panel of Wordpress is vulnerable for XSS attacks," writes Thomas Waldegger, who discovered the flaws and posted them to a security mailing list. Waldegger said he had reported the flaw but received no response from the WordPress development team, which acknowledged the vulnerability and said a fix is forthcoming.

"We are disappointed that we were not given the opportunity to release fixes for the problems before the information was made public, as is the usual courtesy in the security community," said a post on the WordPress forum. "However, that's water under the bridge at this point. Expect a WordPress 1.2.1 release soon, which will address these issues."


    Credit: netcraft.com