Hacker, Researcher and Author.

WordPress Plugin Easy Comment Uploads Vulnerability - Thousands Of Websites Vulnerable

WordPress, as you might know, is one of the most widely used blogging platforms, which has made it a favorite target of hackers. WordPress itself is quite secure; however, plugins make it insecure, resulting in hack attacks, data loss, etc. Plugin developers often do not think about security or do not know how to write secure code, so they skip many necessary checks, leaving their plugins vulnerable to attacks such as SQL injection and remote file inclusion.


One of these popular vulnerable plugins is the Easy Comment Uploads plugin. Version 0.61 and prior versions are affected by an arbitrary file upload vulnerability. The plugin fails to check the type of the uploaded file, so it can be exploited by uploading a .phtml file.




Thousands of WordPress blogs are still vulnerable to this attack. The vulnerability can be fixed by updating the Easy Comment Uploads plugin to version 0.71.
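Updating stops new uploads but does not remove files that were accepted while the unchecked version was installed. The following Python audit is an added example, not code from this post or from the plugin; it flags files in an uploads directory that a PHP handler could execute. The extension list, the function names and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

# Extensions often mapped to the PHP handler (assumption; match your server config).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}

def classify(path):
    """Return why a file looks server-executable, or None if it looks inert."""
    suffixes = os.path.basename(path).lower().split(".")[1:]
    if suffixes and suffixes[-1] in SCRIPT_EXTS:
        return "script extension"
    # Some handler configurations honour a script suffix that is not the last one.
    if any(s in SCRIPT_EXTS for s in suffixes[:-1]):
        return "script extension before final suffix"
    with open(path, "rb") as fh:
        if b"<?php" in fh.read(65536):
            return "PHP open tag in content"
    return None

def audit_uploads(root):
    """Walk root and map each suspicious relative path to the reason it was flagged."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reason = classify(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def build_sample_tree():
    """Create a constructed uploads directory (placeholder contents only)."""
    root = tempfile.mkdtemp(prefix="uploads-")
    samples = {
        ("2013", "01", "photo.jpg"): b"\xff\xd8\xff\xe0 constructed image bytes",
        ("2013", "01", "notes.txt"): b"constructed text attachment",
        ("2013", "01", "avatar.phtml"): b"constructed placeholder",
        ("2013", "02", "report.php.txt"): b"constructed placeholder",
        ("2013", "02", "banner.gif"): b"GIF89a <?php /* constructed marker */",
    }
    for parts, data in samples.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel, why in sorted(audit_uploads(build_sample_tree()).items()):
        print(f"{rel}: {why}")
```

On a real site, pass the directory the plugin stored its files in to `audit_uploads` instead of the sample tree, and review each flagged file before deleting it.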

If you want to know more about protecting your WordPress blog from hackers, you can refer to the following posts. If you still think your blog is vulnerable, drop me an email and I will perform a security assessment on your blog.

4 comments:

  1. Hello,

    I need the plugin functionality but I am afraid of security problems... You wrote about version 0.71 - but I cannot find it at wordpress.org. There is only 1.01: http://plugins.svn.wordpress.org/easy-comment-uploads/tags/1.01/ Why so, and does the new version have security problems?


© 2016 All Rights Reserved by RHA Info Sec.
