Check your plugins! (6 posts)

  1. whooami
    Posted 7 years ago #

    Just a heads up:

    fGallery 2.4.1 >>

    WassUP 1.4.3 >>


    Adserve 0.2 >>


    wp-cal 0.3 >>


    Those are all less than ONE week old.

    A full list of WordPress issues that have made their way onto milw0rm is viewable by going here:


    and putting wordpress into the search box.

    DON'T let your site be exploited, stay up to date on stuff.

  2. I checked, and AdServe has been fixed and updated to 0.3:

    Haven't found the others yet.

  3. wp-cal has not been fixed, but can be easily enough...

    In the wp-cal/functions/edit-event.php file, find this:
    $id = $_GET['id'];

    And change it to this:
    $id = (int) $_GET['id'];

  4. fGallery has not been fixed either, however can be as well...

    In fgallery/fim-rss.php, change this:

    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $_GET[album]");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $_GET[album] AND status = 'include'");

    To this:

    $album = (int) $_GET['album'];
    $cat = $wpdb->get_row("SELECT * FROM $cats WHERE id = $album");
    $images = $wpdb->get_results("SELECT * FROM $imgs WHERE cat = $album AND status = 'include'");

    However, after looking around at this code a bit, I would suggest not using the fGallery plugin at all. It uses lots and lots of insecure programming methods, and while I don't see any immediately obvious problems, I have no doubt that they are there. The plugin does no input checking whatsoever.

  5. The WassUp plugin has upgraded to version 1.4.3a and claims to have fixed the hole... However, their "fix" seems unusual to me, and I'm not sure why they didn't simply escape the input string correctly (using $wpdb->escape). Nevertheless, they claim to have fixed it.
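    The wp-cal and fGallery fixes in posts 3 and 4 both rely on the same idea: cast the request parameter to an integer before it is interpolated into SQL, so nothing but digits can reach the query. The following is an added, stand-alone PHP example (not code from either plugin or from the posters) that puts the vulnerable interpolation next to the cast-based fix and next to a `$wpdb->prepare()` variant, which is the WordPress API for this (post 5 mentions `$wpdb->escape`; `prepare()` with a `%d` placeholder types the value as well as escaping it). The `FakeWpdb` class is a constructed stand-in for WordPress's `$wpdb` so the script runs without WordPress; the table name and the sample inputs are made up.

```php
<?php
// Added example: minimal stand-in for WordPress's $wpdb so this runs outside WordPress.
// Only the methods used below are modelled. The real $wpdb->prepare() takes printf-style
// placeholders (%d, %s) and types/quotes the values for you; this copy mimics just that.
class FakeWpdb {
    public $last_query = '';

    // %d is forced to an integer, %s is quoted and escaped.
    public function prepare($query, ...$args) {
        $i = 0;
        return preg_replace_callback('/%[ds]/', function ($m) use ($args, &$i) {
            $v = $args[$i++];
            return $m[0] === '%d' ? (string) (int) $v : "'" . addslashes((string) $v) . "'";
        }, $query);
    }

    // Records the SQL it would have run so the three variants can be compared.
    public function get_row($query) { $this->last_query = $query; return null; }
}

$wpdb = new FakeWpdb();
$cats = 'wp_fgallery_cats'; // constructed table name

// Vulnerable pattern from the original fim-rss.php: the raw request value is interpolated.
function rss_query_unsafe($wpdb, $cats, array $get) {
    $wpdb->get_row("SELECT * FROM $cats WHERE id = $get[album]");
    return $wpdb->last_query;
}

// Fix from post 4: cast to int first, so only digits can end up in the query.
function rss_query_cast($wpdb, $cats, array $get) {
    $album = (int) $get['album'];
    $wpdb->get_row("SELECT * FROM $cats WHERE id = $album");
    return $wpdb->last_query;
}

// Alternative: let prepare() do the typing; %d forces an integer just like the cast.
function rss_query_prepared($wpdb, $cats, array $get) {
    $wpdb->get_row($wpdb->prepare("SELECT * FROM $cats WHERE id = %d", $get['album']));
    return $wpdb->last_query;
}

// Constructed sample request: the album parameter is not a plain number.
$request = ['album' => '7 OR 1=1'];

$variants = [
    'unsafe'   => 'rss_query_unsafe',
    'cast'     => 'rss_query_cast',
    'prepared' => 'rss_query_prepared',
];
foreach ($variants as $label => $fn) {
    echo str_pad($label, 10), $fn($wpdb, $cats, $request), "\n";
}
```

Run with `php example.php`: the unsafe variant passes the whole string through into the `WHERE` clause, while the cast and prepared variants both produce `WHERE id = 7`, which is why a one-line `(int)` cast is enough to close this particular hole. The cast only works for parameters that are genuinely numeric; for strings, `$wpdb->prepare()` with `%s` is the right tool, since it quotes and escapes rather than relying on the caller to remember `escape()`.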


  6. whooami
    Posted 7 years ago #

    sniplets located here:


    Time to upgrade if you are using that. Version 1.2 has a vulnerability -- an RFI vulnerability, and those are ugly.

This topic has been closed to new replies.