Jul 5, 2012

Uploadify, including new security threat in WordPress plugins and themes

If you have already been warned about the danger of Timthumb, the thumbnail management script used by many WordPress themes, there is now another script, this one meant to make uploading files easier and used in both WordPress plugins and themes, that threatens the integrity of any WordPress installation whose owner is unaware of the danger.

According to several reports from Sucuri, a website specializing in computer security, Uploadify, a script that allows unregistered users with no WordPress credentials to upload files to the server, is a potential security threat: it can be used to open backdoors, insert Trojans, or whatever else.

It is true that it is very useful and makes it easy for anonymous users to take part in a community built on WordPress by uploading pictures or the like, but this same convenience is its danger.

Popular themes such as WooThemes, or plugins such as Uploader, WP Symposium or 1 Flash Gallery, use this script for this task, so they are likely to open the door to unwanted code injection.

To find out whether your theme or a WordPress plugin uses this script, search the entire "/wp-content/" folder and all of its subdirectories for any directory named "Uploadify" or any file named "uploadify.php". If you are not sure you use it, or you can do without it, disable it immediately and look for another solution for your visitors.
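The manual search described above can be scripted. The following is an added example, not part of the original post and not Sucuri's script; the function names and the sample tree (example-gallery, example-theme, clean-plugin) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Uploadify copies under a WordPress wp-content tree
# and name the plugin or theme that ships each one.

# find_uploadify <wp-content-dir>
# Prints one tab-separated line per hit: kind, owning component, relative path.
#   kind      "dir" (directory named uploadify) or "file" (uploadify.php)
#   component first two path parts, e.g. plugins/example-gallery
find_uploadify() (
    root="${1%/}"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 2; }
    find "$root" \( -type d -iname 'uploadify' -o -type f -iname 'uploadify.php' \) -print |
    LC_ALL=C sort |
    while IFS= read -r path; do
        rel="${path#"$root"/}"
        kind=file
        [ -d "$path" ] && kind=dir
        component=$(printf '%s\n' "$rel" | cut -d/ -f1-2)
        printf '%s\t%s\t%s\n' "$kind" "$component" "$rel"
    done
)

# uploadify_components <wp-content-dir>
# Prints each affected plugin or theme once: the list to disable or replace.
uploadify_components() {
    find_uploadify "$1" | cut -f2 | LC_ALL=C sort -u
}

# Builds a constructed sample tree in a temp dir and prints its path.
make_constructed_tree() (
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/wp-content/plugins/example-gallery/js/uploadify" \
             "$t/wp-content/themes/example-theme/includes/Uploadify" \
             "$t/wp-content/plugins/clean-plugin"
    : > "$t/wp-content/plugins/example-gallery/js/uploadify/uploadify.php"
    : > "$t/wp-content/themes/example-theme/includes/Uploadify/uploadify.swf"
    : > "$t/wp-content/plugins/clean-plugin/readme.txt"
    printf '%s\n' "$t"
)

# With a path argument, scan it; with none, scan the constructed sample tree.
if [ "$#" -ge 1 ]; then
    find_uploadify "$1"
else
    demo=$(make_constructed_tree)
    find_uploadify "$demo/wp-content"
    rm -rf "$demo"
fi
```

Matching is by name only and ignores case, so a copy that was renamed will not appear in the output.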

You can also run a check using a script created by Sucuri. Download this file (sucuri_wp_check.txt), rename it by changing the extension from txt to php, upload it to the root directory of your WordPress installation and run it like this:

http://tudominio.com/sucuri_wp_check.php 


The script tells you about potential vulnerabilities such as Uploadify and Timthumb.
