WordPress Username Enumeration using HTTP Fuzzer

In many WordPress blogs, it’s possible to enumerate WordPress users using a well-known feature/bug related to author archives. This works if the following conditions are met: WordPress permalinks are enabled. By default WordPress uses web URLs which have question marks and lots of numbers … [+]

Known vulnerabilities found in popular WordPress plugins

WordPress Caching Plugins Remote PHP Code Execution

Two very popular WordPress caching plugins: WP Super Cache (4,373,811 downloads) and W3 Total Cache (1,975,480 downloads) have been affected by a vulnerability that allows remote users to execute arbitrary PHP code. The affected versions are: WP Super Cache (version 1.2 and below, … [+]

The Acunetix Team have found a pingback vulnerability in the new WordPress 3.5 build

WordPress Pingback Vulnerability

Recently somebody posted on Reddit about a WordPress scanner that is taking advantage of a new WordPress vulnerability. The vulnerability is abusing the Pingback system, which is a well-known feature that’s used by a lot of bloggers. What is a … [+]

AcuSensor Technology in action; finding backdoors in web applications

AcuSensor Technology in action; finding backdoors in web applications

On March 2, 2007 the following was posted on the WordPress blog: Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you … [+]