Ogre Codes



WordPress Security Woes 🙈

Feb 28, 2017, 11:35 AM

Stories like this are entirely too common:

Researchers Find "Severe" flaw in WordPress plugin with 1 million installs
The vulnerability stems from a "severe" SQL injection bug in NextGEN Gallery, a WordPress plugin with more than 1 million installations. Until the flaw was recently fixed, NextGEN Gallery allowed input from untrusted visitors to be included in WordPress-prepared SQL queries. Under certain conditions, attackers can exploit the weakness to pipe powerful commands to a Web server's backend database.
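
The pattern the quoted article describes, as an added example rather than NextGEN Gallery's own code: a plugin query that concatenates a visitor-supplied value into the template handed to $wpdb->prepare(), next to the same query written so the value is bound as an argument. The table name, column, request parameter and LIMIT handling are assumptions for illustration; the code assumes it runs inside WordPress, where $wpdb, wp_unslash() and sanitize_text_field() exist.

```php
<?php
// Added example, not NextGEN Gallery's code. Table wp_ngg_pictures, column
// alttext and the `tag` request parameter are assumptions for illustration.

/**
 * VULNERABLE: the untrusted $tag is spliced into the query *template* that
 * $wpdb->prepare() parses, so it is never treated as a bound value. A quote
 * in $tag terminates the string literal and the rest is executed as SQL, and
 * a printf-style directive in $tag (%s, %d, ...) is interpreted by prepare()
 * as a placeholder and filled from the argument list instead of being data.
 */
function ngg_example_pictures_by_tag_vulnerable( $tag, $limit ) {
    global $wpdb;
    $sql = "SELECT pid, filename FROM wp_ngg_pictures WHERE alttext = '" . $tag . "' LIMIT %d";
    return $wpdb->get_results( $wpdb->prepare( $sql, $limit ) );
}

/**
 * FIXED: the template is a constant string and every untrusted value is
 * passed as an argument. prepare() escapes $tag and emits it as a quoted
 * string, and coerces $limit to an integer, whatever their contents.
 */
function ngg_example_pictures_by_tag_fixed( $tag, $limit ) {
    global $wpdb;
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT pid, filename FROM wp_ngg_pictures WHERE alttext = %s LIMIT %d",
            $tag,
            $limit
        )
    );
}

// Request handling: wp_unslash() removes the slashes WordPress adds to request
// data and sanitize_text_field() strips tags and control characters. Neither
// is an SQL escape; the protection comes from binding the value in prepare().
$tag   = isset( $_GET['tag'] ) ? sanitize_text_field( wp_unslash( $_GET['tag'] ) ) : '';
$limit = isset( $_GET['limit'] ) ? absint( $_GET['limit'] ) : 20;
$rows  = ngg_example_pictures_by_tag_fixed( $tag, $limit );
```

A quick check when reviewing plugin code: every call to $wpdb->prepare() should have a literal first argument, and every value that came from a request should appear only in the argument list after it.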

The inherent problem with a platform that is both an authoring tool and a publishing platform is that a vulnerability in the publishing side, which faces every visitor, also exposes the authoring side to the world. This is one of the primary reasons SwiftBlog keeps authoring and publishing strictly separate.

A few select older vulnerabilities: