WordPress Vulnerable

Pool Theme has flaws

By Alexandru Dumitru, Security News Editor

22nd of August 2007, 14:29 GMT

Most readers will have heard of WordPress, and some are probably using it. For those who don't know it: WordPress is a blog publishing system written in PHP and backed by a MySQL database, and the best thing about it is that it's free.

Part of WordPress is vulnerable, specifically one theme, Pool 1.x, to be exact. As I've read on Secunia, this flaw could be exploited by malicious people to conduct cross-site scripting attacks.

This type of vulnerability (XSS; the older abbreviation "CSS" is still seen, but it collides with Cascading Style Sheets) lets an attacker inject HTML or client-side script into a page that is then viewed by other users. Because the injected script runs in the victim's browser within the context of the trusted site, attackers can also use it to exploit browser flaws or to craft convincing phishing attacks, and the threats are not limited to these.

As Secunia describes it, input passed via the URL to the WordPress installation's index.php, and from there to the theme's header.php, is not properly sanitised before being returned to the user. In other words, whatever an attacker places in a crafted link is echoed back into the page for anyone who follows it.

The vulnerability is confirmed in version 1.0.7, but other versions may be affected as well. It has not been patched yet, and Secunia has rated it "less critical". There is a workaround, though: the theme's source code can be edited so that the input is properly sanitised (HTML-encoded) before it is output. You can find the original advisory at this link. The only problem with it is that I can't tell for sure what language it is written in, though I suspect it's Ukrainian; anyway, if you do click on the link, besides all the text you might not understand, there is also a piece of code posted there.
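
To make the mechanism concrete, here is an added example (written for this edit, not code from the Pool theme or from WordPress) of the bug class Secunia describes: a theme header that echoes values taken from the request URL without encoding, next to the same header with the encoding fix applied. Which exact value the Pool theme reflects is not stated here, so the form action built from $_SERVER['PHP_SELF'] and the search parameter s are assumed as typical 2007-era examples, and the request data is constructed inline.

```php
<?php
// Added example, not the Pool theme's own code. It shows the bug class the
// advisory describes (a value taken from the request URL and echoed back
// unescaped by a theme's header.php) and the one-line fix. Which variable
// the Pool theme reflects is not stated in the article; PHP_SELF and the
// search parameter 's' are assumed here as representative cases.

// Vulnerable: both the form action and the search box copy attacker-controlled
// URL data straight into HTML. A link such as
//   /index.php/"><script>alert(1)</script>
// or a query string such as
//   ?s=" onfocus="alert(1)" autofocus="
// ends up in the page unchanged and runs in the browser of anyone who opens it.
function header_vulnerable(array $server, array $get): string {
    $self = $server['PHP_SELF'];
    $term = isset($get['s']) ? $get['s'] : '';
    return '<form method="get" action="' . $self . '">'
         . '<input type="text" name="s" value="' . $term . '" />'
         . '</form>';
}

// Hardened: encode every reflected value for the HTML attribute context.
// ENT_QUOTES also encodes single quotes, so the fix holds for attributes
// delimited with '...' as well as "...".
function esc(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

function header_fixed(array $server, array $get): string {
    $self = esc($server['PHP_SELF']);
    $term = isset($get['s']) ? esc($get['s']) : '';
    return '<form method="get" action="' . $self . '">'
         . '<input type="text" name="s" value="' . $term . '" />'
         . '</form>';
}

// Constructed sample request, standing in for $_SERVER and $_GET.
$server = ['PHP_SELF' => '/index.php/"><script>alert(1)</script>'];
$get    = ['s' => '" onfocus="alert(1)" autofocus="'];

echo header_vulnerable($server, $get), "\n";
echo header_fixed($server, $get), "\n";
```

Run it from the command line with php. The first line of output carries the live script tag and the attribute break-out; in the second, the quotes and angle brackets have become &quot;, &lt; and &gt; entities, which a browser renders as literal text instead of markup. In a real theme the same encoding is applied at every echo in header.php (and any other template) that writes request-derived data into the page.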

Since they say it only affects one theme for WordPress, and not the software as a whole, I would just wait a while until they fix this issue.

TAGS:

wordpress | vulnerability | css

© Copyright 2001-2008 Softpedia