WordPress ‘Wordprew Plugin’ Security Vulnerability and What You Can Do About It
11 Feb
Posted by Sherif as Plugins, Security
|
|
Print This Post
Secunia reported Popular Wordspew plugin to have an input vulnerability which can be exploited to inject SQL commands to your wordpress installation.
User supplied input to the parameter “id” could be exploited by malicious users to inject SQL.
Here is how a visitor to your site can inject SQL through the plugin:
From the URL of the browser, they can simply type:
http://your-domain-name/plugins/wordspew/wordspew-rss.php?id= any SQL statement
You can still safely use the plugin, if you implement changes that I suggested in my previous posts:
1- Change your table prefix from wp_ to any difficult to remember prefix. No one will be able to guess your table names and tamper with your data.
2- Change the permissions on your database via cPanel. Simply, don’t allow truncating the database.
If you implement these steps, be sure to keep using all your plugins without fear of any malicious SQL Injection related attacks.
Regards.
Popularity: 12% [?]
Last Related Posts
(About)Welcome ...
Welcome to my blog! I believe that non techie people should be able to create a web presence affordably and with minimal effort!
My name is Sherif Elsisi and on this blog I share my knowledge, discovery and experience with hosting issues, Webmaster tools, security and usability.
Categories
Archives
Calendar
| M | T | W | T | F | S | S |
|---|---|---|---|---|---|---|
| « Dec | ||||||
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | ||||
Select eBooks
A unique ebook that will help you better secure your WordPress Site.
Strongly recommended, specially if you have installed your wordpress site using cPanel's Fantastico.
247 of most commonly used phrases and keywords used in the online business world. A great addition to your online references.
Most Popular Posts
- 6 Simple Steps to Change Your Table Prefix in Wordpress
- Beware, Your Keyboard is Possibly Not Secure
- Add Login to Your Wordpress Website
- BlogSecurity Guest blogger
- Addon Domains: cPanel's Best Way to Save on Hosting
- Famous Wordpress 5 Step, 5 Minute Install
- Internet Dictionary Terms and Phrases Explained
- How to deny access to your wp-config.php file under WordPress installation
- 2 Simple Steps to Hide Wordpress Info and Better Secure Your Site.
- Do You Have a Backup Plan For Your Website?
Latest Posts
- Converting WordPress in Your Language
- Do You Know What System Hosted The First Website?
- Can I upgrade WordPress that was originally installed from Fantastico
- Meetup and 9/11
- My Two Favorite Features In WordPress 3.2
- Easy Steps to Integrating the Sliding Door Image Menu
- Is Your List of Archives Taking up all the Space on Your Webpage?
- Upgrade Your WordPress Installation to 3.0.4
- Atahualpa a WordPress Theme to Consider
- Tdothost.com to Offer Online Tutorials
Your Testimonials
- Lisa N.: Sherif, what a treasure it has been to find you. I launched my website today and could not have
- jacob basmajian: let me say something folks SHERIF ELSISI and his TDOT blog and his whole hosting services and other services he
- Phil: After my blog (with a different hosting company) was hacked, they weren't very helpful with getting me back up and
- Leeann: I stepped back in time to live a Robinson life on a tiny remote island in the middle of the
- Hani: What I like most about my website is the prompt service I receive. Every time I want to make a
- Akram Joseph: Tdothost did an excellent job designing my website, which helped my business a great deal, very reliable, faithfull, supportive, prompt
- Aric Lim: Sherif's web-hosting service is indeed second to none. He responds promptly, gives you invaluable advice, and would even go the
- Elsa: I love Tdothost webhosting. Whenever I face problem at my wordpress website, Sherif always assist me promptly to advise and
- Sherif: Hi Geoffery,
Thank you for your kind words.
A choice can be the most important part of any work done.
Regards and - Geoffrey Mayne: TdotHost is one of the best providers of cheap web hosting. And unlike other hosts; their quality is not compromised. Down
News Headlines
- Study Shows Internet as Positive for Social Relationships
- Facebook Privacy Issues, Time to Update Your Privacy Setting, or Just Quit.
- Microsoft to Fix a 17 Year Old Security Bug
- Is Microsoft IE risky?
- Google Searches on The Rise
- Facebook Allowes You to have a Unique Username
- Popular Avast Antivirus and Spyware Protection Celebrates 75 Million Registered Users
- One in 10 Americans Tweets
- Study shows Bloggers are Younger, More Educated, and Ethnically diverse.
- Online Video’s Record-Breaking Month: 10 Billion Viewed in December
Article Headlines
Web Hosting
- My Two Favorite Features In WordPress 3.2
- Tdothost.com to Offer Online Tutorials
- How to Setup and Monitor Your cPanel's Raw Access Logs
- Issue Setting Up Godaddy's Total DNS for Domain Parking with Adsense
- cPanel Accelerated 2 Geared for Efficiency
- Do You Have a Backup Plan For Your Website?
- Tips on How to Choose a Good Domain Name
- How Do You Manage Your Email Accounts?
- DomainAlley.net, a New Domain Registration Provider
- How to Troubleshoot Your Domain Access and Web Page Loading Issues
Wordpress
- Converting WordPress in Your Language
- My Two Favorite Features In WordPress 3.2
- Upgrade Your WordPress Installation to 3.0.4
- Planning Your Permalinks for Efficiency
- Wordpress 2.9 is Ready for Download
- WordPress 2.8.6 Available With a Security Fix
- Free Download To Help you Install Your Wordpress Site
- Wordpress 2.7 Released
- Wordpress 2.6.3 Released Today
- WordPress 2.6.2 Released
RSS feed for comments on this post · TrackBack URI
Have your say, your comments are very welcome.
I appreciate you taking the time to comment, please consider the following when commenting:
- Use your real name or a pseudonym you frequently use.
- Be relevant and contributive to the post.
- If you want to ad a link, pick a relevant link to the post.
Please note: I reserve the right to edit, censor, and/or delete any comment.