Recommended Posts

Get Indexed by Google in 48 Hours or Less
Remote Desktop at Work - Evading a Firewall
Blackberry Email Encryption for MS Exchange
A Resolution to Comcast Connectivity Issues
Block Advertisements Without 3rd Parts Apps

Most Commented

Make Money With a Poor Mans BANS (Bu ... (127)
1 Month Commission Junction Earnings ... (29)
Free Web Site Reviews ... (19)
Howto: Remote Desktop At Work, Evadi ... (19)
Accountability Is Necessary - Everyw ... (18)

Another Wordpress Plugin Vulnerability: WP-Forum 1.7.4

Milworm.com has released another Wordpress plugin vulnerability, this time it’s WP-Forum 1.7.4. I’m no expert at deciphering exactly how exploits work, but this remote sql injection appears to grant the attacker administrative privileges. If you’re using WP-Forum 1.7.4 or earlier on your Wordpress blog, uninstalling this vulnerable plugin is highly recommended.

I was unable to locate a patch or update, so if you happen to come across this information, please share your findings with everyone by submitting a comment.

In the mean time, here’s a list of potentially helpful sites:

http://www.milw0rm.com/exploits/4939 - the exploit code/example

http://www.fahlstad.se/wp-plugins/wp-forum/ - official plugin page?

http://www.fahlstad.se/?page_id=243 - plugin discussion/help forums

Published January 20th, 2008 by Guy Patterson | Security, Wordpress | No comments

Previous Post: Google Makes Life Easier - A Thank You to Google

Next Post: Hackers Lay Off Death Video

Additional Posts Worth Reading

Comments »

No comments yet.

Subscribe

Technology Made Simple
Subscribe via Email:

Site of The Day

Sponsors

Recent Posts

Categories

Comcast (7)
Debian (9)
Development (10)
Encryption (5)
Free Stuff (13)
Google (16)
Hardware (4)
Make Money (16)
Microsoft (4)
Off-topic (20)
Politics (10)
Productivity (21)
Reviews (6)
Security (23)
Traffic Building (11)
Windows (12)
Wordpress (15)

Recent Comments

Arthur: I can’t even be an Ebay affiliate. Tried various ways but still declined. Any help or suggestions?
chicago web design: I can’t imagine that these will last very long before Google banishes them all. But for now...
D.Ksyte: Anyone involved with cron job scheduling might find this resource useful. Cron Sandbox at HxPI is an...
FoNiX: “…decode md5″ is not possible, only bruteforce: generate hash and compare with original.
Z@$#: plz plz decript this hash for me any one….its really important…. 2CAD28C7C619F27DDE7B83C4999795BA
Joe: Thanks for writing this up. I tried the second method…however after the debian install the screen looks...
Scott: Was this issue ever resolved? I just started having a problem a couple weeks ago. I don’t do any kind of...
Prashant Patel: I had integrated Sp3 in Xp But finding one problem. In the Task Manager Process windows many services...
Ed: This looks like a real ‘leet’ linux command but it misses the point. Why would a hacker keep the name of...
Sudesh: My account was disabled but I followed their guideline and in one sec it was back on Here is the...

Top Commentators

Links

Miscellaneous