Security Information and Review

Collection of security information and review

Posts Tagged 'wordpress'

Wordpress 2.8.5 XSS and File Upload Vulnerability

Author : Admin

The latest vulnerability was discovered in WordPress v2.8.5: an XSS (cross-site scripting) and file upload vulnerability. These security issues in WordPress can be exploited by an attacker with malicious code to conduct script insertion attacks and compromise a vulnerable system.

The first vulnerability is caused by input that is not properly sanitized before being displayed to the user. …

15 November 2009 at 23:50 - Comments

Wordpress Admin Password Vulnerability and Solutions

Author : Admin

On August 10th, 2009, a vulnerability was reported in WordPress v2.8.3 that can be exploited by an attacker with a specially crafted URL to bypass certain security restrictions.

An attacker can send a request to the WordPress system with a specially crafted URL to reset the password of the first user (usually the site administrator) without the correct secret key. …

13 August 2009 at 03:03 - Comments

Wordpress Security File Permission

Author : Admin

WordPress is one of the biggest CMSs for blogging, and many users do not understand its security problems. One of the big security problems for WordPress and other websites or CMSs is file permissions. File permissions control who can access a file and what sort of actions they can take with a file on the web server / website. So it's very important to harden file permissions on your website. That's why locking down files properly is crucial.

One of the biggest problems with any Web site is file permissions, which control who can access a file and what sort of actions they can take with a file. That’s why locking down files properly is crucial.

On computer file systems, different files and directories have permissions that specify who and what can read, write, modify and access them.

20 May 2009 at 15:56 - Comments