Tag: wordpress

  • The keys to running a successful WordPress blog — technically speaking

    Heise online reports WordPress is going to clean up the plugins dir because plugins “suck” and that — despite this fact — WordPress has become a constant on the web because large blogs such as Smashing Magazine are using it. How do large WordPress blogs like Smashing Magazine accomplish this when plugins suck so much?…

  • WP Plugin Security: Multiple Leaks in WP-PhotoContest

    What IS WP PhotoContest? The readme states: This plugin permits you to create a ‘voting for photos-contest’ from the WordPress admin panel Subscribed users can uploads photos and everyone else can vote for the uploaded photos (sic). The author could rephrase that as follows: This plugin permits everyone to inject SQL commands into the database…

  • WP Plugin Security: When the genius is out for lunch

    I am in the mood for some more ranting… Why am I doing this? The low security level in the WordPress community aggravates me. And I care about the security of WordPress users out there. So here goes the next issue. It’s a rather insignificant XSS security vulnerability but since the WP theme’s author runs…

  • WP Plugin Security: WP Shopping Cart/WP eCommerce Security Holes

    Another week, another security hole. This time I have found several holes in ajax-and-init.php from WP-eCommerce v3.7.4 aka WP Shopping Cart. It is the latest stable version. Let’s go. The first issue is an unrestricted file deletion security breach. Remote attackers can trick a logged-in WP user into clicking prepared links that can make…