[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Security of themes for WordPress
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] Security of themes for WordPress
- From: "MustLive" <mustlive@xxxxxxxxxxxxxxxxxx>
- Date: Mon, 14 Feb 2011 20:46:31 +0200
Hello participants of Mailing List.
In 2009 I already told you about security of plugins for WordPress
(http://lists.grok.org.uk/pipermail/full-disclosure/2009-November/071553.html).
And from that time I've updated that list of vulnerable plugins. And now
I'll tell you about different vulnerabilities in themes for WordPress.
Similarly to plugins, themes for WordPress also have vulnerabilities. Last
week in my post Security of themes for WordPress
(http://websecurity.com.ua/4915/) I made a summary about all vulnerabilities
in themes for WP, which I found during 2007-2011.
In this list multiple vulnerabilities in 93 themes for WordPress are
mentioned. Including Cross-Site Scripting, Full path disclosure, Abuse of
Functionality and Denial of Service vulnerabilities.
So take care of your themes (as of your plugins) for WordPress and web sites
which use them.
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/