WordPress ‘Wordprew Plugin’ Security Vulnerability and What You Can Do About It
11 Feb
Posted by Sherif as Plugins, Security
|
|
Print This Post
Secunia reported Popular Wordspew plugin to have an input vulnerability which can be exploited to inject SQL commands to your wordpress installation.
User supplied input to the parameter “id” could be exploited by malicious users to inject SQL.
Here is how a visitor to your site can inject SQL through the plugin:
From the URL of the browser, they can simply type:
http://your-domain-name/plugins/wordspew/wordspew-rss.php?id= any SQL statement
You can still safely use the plugin, if you implement changes that I suggested in my previous posts:
1- Change your table prefix from wp_ to any difficult to remember prefix. No one will be able to guess your table names and tamper with your data.
2- Change the permissions on your database via cPanel. Simply, don’t allow truncating the database.
If you implement these steps, be sure to keep using all your plugins without fear of any malicious SQL Injection related attacks.
Regards.
Popularity: 20% [?]
Last Related Posts
(About)Welcome ...
Welcome to my blog! I believe that non techie people should be able to create a web presence affordably and with minimal effort!
My name is Sherif Elsisi and on this blog I share my knowledge, discovery and experience with hosting issues, Webmaster tools, security and usability.
Categories
Archives
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
Links
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Feb | ||||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
| 29 | 30 | 31 | ||||
Select eBooks
A unique ebook that will help you better secure your wordpress site.
Strongly recommended, specially if you have installed your wordpress site using cPanel's Fantastico.
247 of most commonly used phrases and keywords used in the online business world. A great addition to your online references.
Learn useful tips to having your service or product better recognized. This report includes 77 useful tips and simple changes that can make a huge difference to your online business.
Most Popular Posts
- 6 Simple Steps to Change Your Table Prefix in Wordpress
- Beware, Your Keyboard is Possibly Not Secure
- Add Login to Your Wordpress Website
- BlogSecurity Guest blogger
- Addon Domains: cPanel's Best Way to Save on Hosting
- Famous Wordpress 5 Step, 5 Minute Install
- Do You Have a Backup Plan For Your Website?
- 2 Simple Steps to Hide Wordpress Info and Better Secure Your Site.
- E-Book: Easy Steps You Should Follow to Secure Your WordPress Site
- Simple Steps to Upload Your Files to the Web Without FTP software?
Latest Posts
- How to Make Your Image Background Transparent using Gimp
- Microsoft to Fix a 17 Year Old Security Bug
- How are You Going to Fulfill Your New Year's Resolutions?
- Is Microsoft IE risky?
- cPanel Accelerated 2 Geared for Efficiency
- Holiday Greetings from New Orleans
- Wordpress 2.9 is Ready for Download
- Add and Manage Comments in Pages
- WordPress 2.8.6 Available With a Security Fix
- The WOW Effect, a Report That Brings Results
Your Testimonials
- Akram Joseph: Tdothost did an excellent job designing my website, which helped my business a great deal, very reliable, faithfull, supportive, prompt
- Aric Lim: Sherif's web-hosting service is indeed second to none. He responds promptly, gives you invaluable advice, and would even go the
- Elsa: I love Tdothost webhosting. Whenever I face problem at my wordpress website, Sherif always assist me promptly to advise and
- Sherif: Hi Geoffery,
Thank you for your kind words.
A choice can be the most important part of any work done.
Regards and - Geoffrey Mayne: TdotHost is one of the best providers of cheap web hosting. And unlike other hosts; their quality is not compromised. Down
- Nic Lim: I had some problems with wordpress. Sherif had done an excellent job of helping my website. The response from Sherif
- Michelle Lim: Tdothost has delivered more than just web hosting. There's never a time when my queries go unanswered. I
- fatiah: Affordable web hosting and value for the money. I am happy with their good service and friendly support. Wouldn't go
- Stephen: A* Hosting provider, tdothost.com is not only a great hosting provider its reliable but the icing on the cake is
- Sherif: Alex L and Alex Y, thank you so much for you feedback. Nicholas, Thanks for your comment, will add the stumble
News Headlines
- Microsoft to Fix a 17 Year Old Security Bug
- Is Microsoft IE risky?
- Google Searches on The Rise
- Facebook Allowes You to have a Unique Username
- Popular Avast Antivirus and Spyware Protection Celebrates 75 Million Registered Users
- One in 10 Americans Tweets
- Study shows Bloggers are Younger, More Educated, and Ethnically diverse.
- Online Video’s Record-Breaking Month: 10 Billion Viewed in December
- Guess How Many Have Used the Internet to Make a Purchase?
- Wordpress Overtakes typepad - WebProNews
Article Headlines
Web Hosting
- cPanel Accelerated 2 Geared for Efficiency
- Do You Have a Backup Plan For Your Website?
- Tips on How to Choose a Good Domain Name
- DomainAlley.net, a New Domain Registration Provider
- How to Troubleshoot Your Domain Access and Web Page Loading Issues
- Addon Domains: cPanel's Best Way to Save on Hosting
- Famous Wordpress 5 Step, 5 Minute Install
- Simple Steps to Upload Your Files to the Web Without FTP software?
- 40 Free Blog Hosts For You
- Does tdothost.com offer Server Side Includes (SSI)?
Wordpress
- Wordpress 2.9 is Ready for Download
- WordPress 2.8.6 Available With a Security Fix
- Free Download To Help you Install Your Wordpress Site
- Wordpress 2.7 Released
- Wordpress 2.6.3 Released Today
- WordPress 2.6.2 Released
- Wordpress 2.6 Released With more Security Features
- Famous Wordpress 5 Step, 5 Minute Install
- How Can You Easily Setup a Secure Wordpress Blog?
- Wordpress 2.5.1 has an Important Security Fix For 2.5 Users
Most Commented
- 6 Simple Steps to Change Your Table Prefix in Wordpress (42)
- Testimonials (13)
- Add Login to Your Wordpress Website (13)
- How to deny access to your wp-config.php file under WordPress installation (10)
- E-Book: Easy Steps You Should Follow to Secure Your WordPress Site (10)
- How to prevent your Wordpress Site from being SQL Injected (9)
- 2 Simple Steps to Hide Wordpress Info and Better Secure Your Site. (9)
- Hosting Service Interruption. (8)
- Addon Domains: cPanel's Best Way to Save on Hosting (8)
- Famous Wordpress 5 Step, 5 Minute Install (7)
RSS feed for comments on this post · TrackBack URI
Leave a reply