Tag: security

  • Do we even need SSL?

    “Do we even need SSL?” — In almost every project where hosting of some kind is involved, this question comes up. While SSL can clearly be improved, it is the easiest way to secure data transfer between web servers and web surfers. In which cases is SSL expendable? IMHO, encrypted data transfer via SSL is…

  • The keys to running a successful WordPress blog — technically speaking

    Heise online reports WordPress is going to clean up the plugins dir because plugins “suck” and that — despite this fact — WordPress has become a constant in the web because large blogs such as Smashing Magazine are using it. How do large WordPress blogs like Smashing Magazine accomplish this when plugins suck so much?…

  • Serious security issue in OneFileCMS 1.1.0

    Serious security issue in OneFileCMS 1.1.0!

  • WP Plugin Security: Multiple Leaks in WP-PhotoContest

    What IS WP PhotoContest? The readme states: This plugin permits you to create a ‘voting for photos-contest’ from the WordPress admin panel Subscribed users can uploads photos and everyone else can vote for the uploaded photos (sic). The author could rephrase that as follows: This plugin permits everyone to inject SQL commands into the database…

  • WP Plugin Security: When the genius is out for lunch

    I am in the mood for some more ranting… Why am I doing this? The low security level in the WordPress community aggravates me. And I care about the security of WordPress users out there. So here goes the next issue. It’s a rather insignificant XSS security vulnerability but since the WP theme’s author runs…

  • WP Plugin Security: WP Shopping Cart/WP eCommerce Security Holes

    Another week, another security hole. This time I have found several holes in ajax-and-init.php from WP-eCommerce v3.7.4 aka WP Shopping Cart. It is the latest stable version. Let’s go. The first issue is an unrestricted file deletion security breach. Remote attackers can trick a logged-in WP user into clicking prepared links that can make…