solarbird: (music)
[personal profile] solarbird

I just discovered a possible vulnerability in a WordPress plugin that supports OpenID authentication for comments. The developer’s website is down and the plugin hasn’t been updated in two years.

What’s protocol for this these days? I’ve trivially patched my own install, but (particularly pending further analysis which I have not done – for all I know it’s not actually exploitable… but I kind of think it is) I strongly recommend disabling this plugin unless you have your own patch.

Mirrored from Crime and the Blog of Evil.

Date: 2015-05-05 01:59 pm (UTC)
telophase: (Default)
From: [personal profile] telophase
Which plugin is this? (My workplace uses one...)

edit: Never mind, I lie, it's not OpenID, it's a different protocol we use. (I blame my cold).
Edited Date: 2015-05-05 01:59 pm (UTC)
