Ethical Hacking | Penetration Testing
.png)
Version 3.0.4 of WordPress has released. This version is available from the update page in the WordPress dashboard or for download here. This is a critical update to fixes a core security bug in WordPress HTML sanitation library, called KSES. This security issue has been discovered by Mauro Gentile and Jon Cave (duck_).
More technical information is available here.
The WordPress development team has released version 3.0.3 of the popular open source blogging and publishing platform, a security update for the 3.0.x branch of WordPress. According to the developers, the update addresses a privilege escalation issue in the remote publishing interface that, under certain circumstances, could have allowed Author and Contributor-level users to improperly edit, publish or delete posts.
Read the full story here.
Source:[TheHSecurity]
WordPress Register Plus plugin that enhance the WordPress registration page by adding custom logo, invitation codes, disclaimers, CAPTCHA validation, email validation and user moderation has multiople Cross Site Scripting (XSS) vulnerabilities.
According to Securityfocus.com, an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
These multiple cross-site scripting vulnerabilities have been classified as input validation error due to Register Plus issue to properly sanitize user-supplied input.
Register Plus 3.5.1 is vulnerable; other versions may also be affected.
Related Article:
http://websecurity.com.ua/4539 (Russian)
.png)