February 7th, 2008
2 Plugin Security Bulletins
NBBN has discovered some cross site scripting vulnerabilities for the plugin version 2.2 for WordPress.
Input passed to the “pre_footnotes”, “priority”, “post_footnotes”, and “style_rules” array elements in the “wp_footnotes_current_settings[]” array in the admin_panel.php script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
The good news this time around is that, ‘register_globals‘ must be turned on for exploitation to occur. If you are using this plugin on your site, it is advised that you disable the plugin until a security patch has been released. According to the security bulletin, the solution is to edit the plugin source code to ensure that input is properly sanitized.
Again, if you know that your webserver has register_globals turned off, you are in the clear.
S@BUN has reported an “id” based SQL injection vulnerability within the plugin version 3.x for WordPress.
Input passed to the parameter “id” in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The solution again is to edit the source code of the plugin to make sure that input is sanitized.
Related CMS news: