
Check your plugins! (6 posts)

  1. whooami
    Member
    Posted 6 years ago

    Just a heads up:

    fGallery 2.4.1 >>
    http://www.milw0rm.com/exploits/4993

    WassUP 1.4.3 >>
    http://www.milw0rm.com/exploits/5017

    Adserve 0.2 >>
    http://www.milw0rm.com/exploits/5013

    wp-cal 0.3 >>
    http://www.milw0rm.com/exploits/4992

    Those are all less than ONE week old.

    A full list of WordPress issues that have made their way onto milw0rm is viewable by going here:

    http://www.milw0rm.com/search.php

    and putting wordpress into the search box.

    DON'T let your site be exploited, stay up to date on stuff.

  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago

    I checked, and AdServe has been fixed and updated to 0.3:
    http://downloads.wordpress.org/plugin/adserve.zip

    Haven't found the others yet.

  3. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago

    wp-cal has not been fixed, but can be easily enough...

    In the wp-cal/functions/edit-event.php file, find this:
    $id = $_GET['id'];

    And change it to this:
    $id = (int) $_GET['id'];

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago

    fGallery has not been fixed either, however can be as well...

    In fgallery/fim-rss.php, change this:

    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $_GET[album]");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $_GET[album] AND status = 'include'");

    To this:

    $album = (int) $_GET['album'];
    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $album");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $album AND status = 'include'");

    However, after looking around at this code a bit, I would suggest not using the fGallery plugin at all. It uses lots and lots of insecure programming methods, and while I don't see any immediately obvious problems, I have no doubt that they are there. The plugin does no input checking whatsoever.

  5. Samuel Wood (Otto)
    Tech Ninja
    Posted 6 years ago

    The WassUp plugin has upgraded to version 1.4.3a and claims to have fixed the hole... However, their "fix" seems unusual to me, and I'm not sure why they didn't simply escape the input string correctly (using $wpdb->escape). Nevertheless, they claim to have fixed it.

    http://wordpress.org/extend/plugins/wassup/
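    The two patches above (wp-cal's $_GET['id'] and fGallery's $_GET['album']) and the $wpdb->escape remark are the same lesson: a request value must never be pasted into SQL text unchanged. The script below is an added illustration, not code from wp-cal, fGallery, WassUp or WordPress. It builds the query strings with three approaches (the vulnerable interpolation, the (int) cast Otto suggests, and a %d placeholder formatter written here as a stand-in for $wpdb->prepare, which is an assumption about that method's behaviour rather than its source) and feeds each a constructed normal and tampered request. The table name example_cats is a placeholder; nothing is executed against a database, so it runs with the plain PHP CLI.

```php
<?php
// Added example: why an unvalidated $_GET value in a SQL string is injectable,
// and two hardening approaches from the thread. Stand-alone PHP; the builders
// only return SQL strings, no database is involved.

// Vulnerable pattern from the thread: the request value is dropped straight
// into the query text, so whatever the client sends becomes SQL.
function vulnerable_album_query(string $table, array $get): string {
    return "SELECT * FROM $table WHERE id = $get[album]";
}

// Fix 1 (the (int) cast from the thread): the value is forced to an integer
// before it reaches the query, so any non-numeric tail is dropped.
function int_cast_album_query(string $table, array $get): string {
    $album = (int) ($get['album'] ?? 0);
    return "SELECT * FROM $table WHERE id = $album";
}

// Fix 2: a tiny %d/%s placeholder formatter modelled on $wpdb->prepare().
// Assumption: this mirrors how the real method treats %d (coerce to int) and
// %s (escape and quote); it is a stand-in so the file runs without WordPress.
function prepare_like(string $sql, array $args): string {
    $i = 0;
    return preg_replace_callback('/%([ds])/', function ($m) use ($args, &$i) {
        $value = $args[$i++] ?? null;
        if ($m[1] === 'd') {
            return (string) (int) $value;
        }
        // Against a live connection use the driver's escape function
        // (e.g. mysqli_real_escape_string); addslashes keeps this example
        // dependency-free and is not a substitute in production code.
        return "'" . addslashes((string) $value) . "'";
    }, $sql);
}

function prepared_album_query(string $table, array $get): string {
    return prepare_like("SELECT * FROM $table WHERE id = %d", [$get['album'] ?? 0]);
}

// Stricter option: reject the request outright when the id is not a positive
// integer, instead of silently coercing "7 OR 1=1" to 7.
function valid_id($value): ?int {
    if (!is_string($value) && !is_int($value)) {
        return null;
    }
    if (!preg_match('/^[1-9][0-9]*$/', (string) $value)) {
        return null;
    }
    return (int) $value;
}

// Constructed sample inputs: a normal request and a tampered one carrying a
// generic always-true clause, used only to show how each builder treats it.
$requests = [
    'normal'   => ['album' => '7'],
    'tampered' => ['album' => '7 OR 1=1'],
];

foreach ($requests as $label => $get) {
    echo "== $label request (album = {$get['album']}) ==\n";
    echo "vulnerable: " . vulnerable_album_query('example_cats', $get) . "\n";
    echo "int cast:   " . int_cast_album_query('example_cats', $get) . "\n";
    echo "prepared:   " . prepared_album_query('example_cats', $get) . "\n";
    $id = valid_id($get['album']);
    echo "valid_id:   " . ($id === null ? 'rejected' : $id) . "\n\n";
}
```

Running it shows the vulnerable builder emitting `WHERE id = 7 OR 1=1` for the tampered request, while both hardened builders emit `WHERE id = 7` and valid_id rejects the input. The cast is the minimal patch for an id that must be numeric; a placeholder-based prepare call is the habit to adopt for every parameter, numeric or not, which is the point behind the $wpdb->escape comment above.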

  6. whooami
    Member
    Posted 6 years ago

    Sniplets located here:

    http://urbangiraffe.com/plugins/sniplets/

    Time to upgrade if you are using that. Version 1.2 has a vulnerability -- an RFI vulnerability, and those are ugly.

Topic Closed

This topic has been closed to new replies.
