Recent WordPress vulns and the Open Source Vuln DB

There have been too many WordPress vulnerabilities for my liking. Fortunately they seem to be quick to patch, but software updates are always a pain. How long before everyone starts to adopt Chrome’s auto-update feature?

Luckily, I’m a fan of the Open Source Vuln Database, which makes it easy to stay on top of the security updates that matter to you. Using the OSVDB is as simple as creating an account and setting up search alerts for any software you’re interested in. Here’s what I recently received regarding WP:

Osama, new or updated vulnerabilities that match your search watch list have been found

SEARCH ID: 14

OSVDB_ID: 72173

Title: WordPress Arbitrary File Upload
Disclosure Date: Apr 26, 2011
Description: WordPress fails to properly validate uploaded files, allowing a remote attacker to upload a .phtml file with an appended extension (such as .gif) to execute arbitrary PHP code.
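The double-extension case in the alert above, as an added example (not code from WordPress or OSVDB): a filename check that inspects every extension in the name rather than only the last one. The extension lists and the sample names are assumptions constructed for illustration.

```python
import os

# Assumed list: extensions commonly mapped to the PHP handler; adjust to the server's config.
PHP_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "pht", "phar"}
# Assumed allowlist of final extensions for an image-only upload area.
ALLOWED_FINAL = {"gif", "jpg", "jpeg", "png"}


def extension_segments(filename):
    """Return every dot-separated segment after the base name, lowercased."""
    # Drop any path component and trailing dots/spaces before splitting.
    name = os.path.basename(filename.replace("\\", "/")).strip().rstrip(". ")
    parts = name.lower().split(".")
    return [p.strip() for p in parts[1:]]


def check_upload_name(filename):
    """Return (ok, reason). Inspects all extensions, not only the last one."""
    if "\x00" in filename:
        return False, "NUL byte in name"
    segments = extension_segments(filename)
    if not segments:
        return False, "no extension"
    # A name such as x.phtml.gif ends in .gif but still carries .phtml.
    hits = [s for s in segments if s in PHP_EXTENSIONS]
    if hits:
        return False, "executable extension: ." + hits[0]
    if segments[-1] not in ALLOWED_FINAL:
        return False, "final extension not allowed: ." + segments[-1]
    return True, "ok"


def audit(names):
    """Return the names that would be rejected, with the reason for each."""
    return {n: reason for n in names
            for ok, reason in [check_upload_name(n)] if not ok}


# Constructed sample names, not taken from the advisory.
SAMPLES = ["holiday.gif", "avatar.phtml.gif", "Logo.PHP.png",
           "notes.txt", "photo.jpeg.", "readme"]

if __name__ == "__main__":
    for name, reason in audit(SAMPLES).items():
        print(f"REJECT {name}: {reason}")
```

The same `audit` function can be pointed at a listing of an existing uploads directory to find names that were accepted before a patch was applied.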
