Slashdot Mirror


Millions At Risk From Critical Vulnerabilities From WordPress Plugins

First time accepted submitter dougkfresh writes "Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities. This is the first time that such a comprehensive survey was prepared to test the state of security of the leading plugins." It does seem that WordPress continues to be a particularly perilous piece of software to run. When popularity and unsafe languages collide.

6 of 145 comments

  1. Re:Not an unsafe language... by Anonymous Coward · · Score: 4, Funny

    It's not bad coding, those are just misunderstood features. SQL Injection? - That's just a back door we left in for convenience.

  2. Re:Not an unsafe language... by Anonymous Coward · · Score: 5, Funny

    I personally only use HTML9 Responsive Boilerstrap JS. If you're using any other framework then you're just wasting your time.

    Here's a link for you poor slobs that haven't jumped on the bandwagon.

    http://html9responsiveboilerstrapjs.com/

  3. Re:In case you were wondering... by amicusNYCL · · Score: 1, Funny

    ...morons who don't know HTML or CSS even though I could teach both to a moderately intelligent monkey... ...actual web developers like me... ...beyond all hope.
    br / . I think...

    Yes, your mastery of HTML and websites is truly something to behold.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black

  4. Re:In case you were wondering... by slashmydots · · Score: 3, Funny

    ohhhhh that's right, my second degree is in software programming with .NET and ASP

  5. Re:Every language is unsafe. by Anonymous Coward · · Score: 4, Funny

    They could exploit GD.

    The only solution is to have the user base64 encode the binary GIF data, print it and then snail mail it to you.

    You can then build a dedicated PC that's not on the network, type out the base64 data, decode it and confirm it's a valid GIF. Then connect that PC to the network and upload the GIF on behalf of the user.

    If the GIF was malicious you simply set that dedicated PC on fire, inform the user (via snail mail) "INVALID GIF IMAGE, PLEASE TRY AGAIN" and then buy another dedicated PC for the next GIF you receive.

    It's the only way to be safe. I do this with my site and so far so good: I launched one year ago and I've received 1 GIF so far 3 months ago and I'm about 75% done typing all the base64 data. I hope to confirm his avatar picture by July 1st!

  6. Re:Not an unsafe language... by ArcadeMan · · Score: 4, Funny

    Is that a dog?