discovered possible vulnerability

May. 4th, 2015 10:58 am
solarbird: (music)
[personal profile] solarbird

I just discovered a possible vulnerability in a WordPress plugin that supports OpenID authentication for comments. The developer’s website is down and the plugin hasn’t been updated in two years.

What’s protocol for this these days? I’ve trivially patched my own install, but (particularly pending further analysis which I have not done – for all I know it’s not actually exploitable… but I kind of think it is) I strongly recommend disabling this plugin unless you have your own patch.

Mirrored from Crime and the Blog of Evil. Come check out our music at:
Bandcamp (full album streaming) | Videos | iTunes | Amazon | CD Baby

  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2015-05-05 01:59 pm (UTC)
telophase: (Default)
From: [personal profile] telophase
Which plugin is this? (My workplace uses one...)

edit: Never mind, I lie, it's not OpenID, it's a different protocol we use. (I blame my cold).
Edited Date: 2015-05-05 01:59 pm (UTC)
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

solarbird: (Default)
solarbird
I'm on Mastodon!

Links

February 2026

S M T W T F S
12 34567
89101112 1314
15161718192021
22232425262728

Most Popular Tags

Page Summary

Active Entries