Tuesday, August 3, 2010

WordPress : Information Leakage and Full path disclosure vulnerabilities in WordPress

Users of WordPress, please be advised that Information Leakage and Full path disclosure vulnerabilities have been identified in WordPress.

To view these vulnerabilities, possible remedies, and other advisories, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com

WordPress-SA-08/02/2010: Information Leakage and Full path disclosure vulnerabilities in WordPress

WordPress
1. Information Leakage.

Access to backups of the site's DB on WordPress is possible in the plugin WordPress Database Backup (WP-DB-Backup) via guessing of the full path to them. The backups can be created by the admin or automatically. For the attack, the backups need to have been saved at the site (at least for some time).

WP-DB-Backup is a popular plugin (which shipped with WordPress 2.0.x), which from the site wordpress.org alone was downloaded 546218 times (as of 30.07.2010).
Read more at www.criticalwatch.com
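For site owners, a local audit for the condition the advisory describes (database backups left under the web root), as an added example that is not part of the advisory or of WP-DB-Backup. The extension list, SQL markers, the skipping of `.php` files and the function names are assumptions chosen for illustration.

```python
import gzip
import os
import sys
import time
import zlib

# Assumed heuristics (not from the advisory): dump extensions, SQL markers,
# and script types that the server executes rather than serves as-is.
DUMP_EXTENSIONS = (".sql", ".sql.gz", ".sql.bz2", ".sql.zip")
SQL_MARKERS = (b"CREATE TABLE", b"INSERT INTO", b"DROP TABLE")
EXECUTED_EXTENSIONS = (".php",)


def read_head(path, size=4096):
    """Return the first bytes of a file, decompressing gzip transparently."""
    try:
        with open(path, "rb") as fh:
            is_gzip = fh.read(2) == b"\x1f\x8b"
        with (gzip.open if is_gzip else open)(path, "rb") as fh:
            return fh.read(size)
    except (OSError, EOFError, zlib.error):
        return b""  # unreadable or corrupt: fall back to the extension check


def find_exposed_dumps(docroot, now=None):
    """Return sorted (relative_path, age_days, reason) for dump-like files."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if os.path.islink(path) or lower.endswith(EXECUTED_EXTENSIONS):
                continue
            if any(m in read_head(path).upper() for m in SQL_MARKERS):
                reason = "sql-content"      # looks like SQL whatever its name
            elif lower.endswith(DUMP_EXTENSIONS):
                reason = "dump-extension"   # named like a dump, content unclear
            else:
                continue
            age_days = int((now - os.path.getmtime(path)) // 86400)
            findings.append((os.path.relpath(path, docroot), age_days, reason))
    return sorted(findings)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, age, reason in find_exposed_dumps(root):
        print(f"{rel}\t{age}d\t{reason}")
```

Any file it reports sits inside the document root and should be moved outside it or deleted; the age column shows how long each backup has been left in place.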
 
