Wordspew Plugin has security vulnerability

By • February 9, 2008 • No comments

Secunia has reported an “id” SQL injection vulnerability in the WordSpew plugin for WordPress. Here’s the description of the vulnerability:

DESCRIPTION: S@BUN has reported a vulnerability in the Wordspew plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the parameter “id” in wordspew-rss.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Author:

Read previous post:

Easily add unwidgetized WordPress plugins to widgetized sidebar with Custom Function Widgets plugin

One of the reasons I hesitated to use widgets is because there are many useful plugins that aren't widgets and…Continue...