Support » Everything else WordPress » Check your plugins!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Samuel Wood (Otto)

    (@otto42) Admin

    I checked, and AdServe has been fixed and updated to 0.3:

    Haven’t found the others yet.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    wp-cal has not been fixed, but can be easily enough…

    In the wp-cal/functions/edit-event.php file, find this:
    $id = $_GET['id'];

    And change it to this:
    $id = (int) $_GET['id'];

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    fGallery has not been fixed either, however can be as well…

    In fgallery/fim-rss.php, change this:

    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $_GET[album]");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $_GET[album] AND status = 'include'");

    To this:

    $album = (int) $_GET[album];
    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $album");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $album AND status = 'include'");

    However, after looking around at this code a bit, I would suggest not using the fGallery plugin at all. It uses lots and lots of insecure programming methods, and while I don’t see any immediately obvious problems, I have no doubt that they are there. The plugin does no input checking whatsoever.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    The WassUp plugin has upgraded to version 1.4.3a and claims to have fixed the hole… However, their “fix” seems unusual to me, and I’m not sure why they didn’t simply escape the input string correctly (using $wpdb->escape). Nevertheless, they claim to have fixed it.




    sniplets located here:


    time to upgrade if you are using that. version 1.2 has a vulnerability — an RFI vulnerability, and those are ugly.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Check your plugins!’ is closed to new replies.