WordPress WP-Forum plugin security vulnerability

By • January 22, 2008 • 2 Comments

Heads up to any users of the WP-Forum WordPress plugin: Secunia has reported that it can be exploited by malicious people to conduct SQL injection attacks. Too bad – just when I was looking for a simple forum solution for a WordPress blog.

Author:

Ryan

I find SMF is the easiest forum to integrate with WordPress. There is a bridge to integrate the usernames and the SMF SSI.php file is quite handy for displaying forum data in other parts of the blog.

I have a test blog with an SMF forum built at ryanhellyer.net/test/flytrapgrowing_beta1/forum/. I’ve set it up so that the blog posts are controlled by SMF and appear in the forum as well as on each post. It’s still quite buggy at this stage, but it’s a proof of concept at least.

The big advantage of using a plugin is that they presumably tie into your WordPress theme quite nicely, whereas SMF needs to be quite heavily reskinned or it will look very out of place. SMF also has a lot of extraneous junk which you may not want for a simple forum, so you need to remove all that too which you wouldn’t need to do with a WordPress plugin as they’re likely to be quite basic straight out of the box.

In theory I would have thought that bbPress would be a perfect candidate for integration with WordPress, but I found the integration between the two wasn’t particularly well polished so I gave up on it. Perhaps things will improve in future versions, but at this stage it seems a little too simple for it’s own good and the quality of some of the plugins in the official bbPress plugins directory is very poor (lots of bugs, errors etc).
Pingback: Is WordPress’ security vulnerable at its core? | Wordpress Garage()

Read previous post:

Consumer evangelists vs. lawyers: using “WordPress” in domain names

Michael over at WPCandy brought up the question recently of whether it's ok to use the word "WordPress" in the…Continue...