
WordPress Plugin Easy Comment Uploads Vulnerability - Thousands of Websites Vulnerable


WordPress, as you might know, is one of the most widely used blogging platforms, and for that reason it has become a favourite target of hackers. WordPress itself is quite secure; it is the plugins that make it insecure, resulting in hack attacks, data loss and so on. When plugins are written, the developers often do not think about security or do not know how to write secure code, so they skip many necessary checks, leaving the plugins vulnerable to attacks such as SQL injection, remote file inclusion and the like.


One of these popular vulnerable plugins is Easy Comment Uploads. Version 0.61 and prior versions are affected by an arbitrary file upload vulnerability: the plugin fails to check the type of the uploaded file, so it can be exploited by uploading a .phtml file, which the web server then executes as PHP.
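To make the missing check concrete, here is an added example (not the Easy Comment Uploads plugin's own code, and not taken from any version of it) of a comment-attachment upload handler written in the vulnerable style beside a hardened one. The function names, the allowlist, the upload directory and the sample files are all constructed for this demonstration; the one real WordPress API it mentions, wp_check_filetype_and_ext(), is what a plugin would normally call for the extension/MIME check.

```php
<?php
// Added example, not the Easy Comment Uploads plugin's own code. It shows the
// upload pattern the post describes (no file-type check) beside a hardened one.
// All names, paths and sample files here are constructed for the demonstration.

// VULNERABLE PATTERN: the client-supplied name, extension included, decides where
// the bytes land. An attachment named "x.phtml" is written into a web-served
// directory and is executed as PHP on the next request for it.
function save_upload_unsafe(array $upload, string $upload_dir): string
{
    $dest = $upload_dir . '/' . basename($upload['name']);
    copy($upload['tmp_name'], $dest); // a real handler uses move_uploaded_file(); no type check either way
    return $dest;
}

// HARDENED PATTERN: allowlist of extension => expected MIME type, sniffing of the
// actual bytes, and a server-generated file name. In a WordPress plugin the
// extension/MIME check is what wp_check_filetype_and_ext() provides.
const ALLOWED_TYPES = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'pdf'  => 'application/pdf',
];

// Returns the accepted extension, or null when the upload must be rejected.
function validate_upload(string $client_name, string $tmp_path): ?string
{
    // Only the final extension counts and it must be on the allowlist, so "x.phtml",
    // "x.php5" and "x.jpg.phtml" are rejected here regardless of their content.
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    // "x.php.jpg" passes the name check, so the content is sniffed too: a PHP script
    // renamed to .jpg is reported as text/x-php, not image/jpeg, and is rejected.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp_path);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    return $ext;
}

function save_upload_safe(array $upload, string $upload_dir): ?string
{
    $ext = validate_upload($upload['name'], $upload['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Server-chosen name: the client can neither pick the stored extension nor
    // overwrite an existing file.
    $dest = $upload_dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return copy($upload['tmp_name'], $dest) ? $dest : null;
}

// Stand-alone demonstration with constructed files (run with: php this_file.php).
if (PHP_SAPI === 'cli') {
    $dir = sys_get_temp_dir() . '/upload-demo-' . getmypid();
    mkdir($dir);
    // Minimal PNG: signature plus an IHDR chunk, enough for libmagic to identify it.
    $png = hex2bin('89504e470d0a1a0a0000000d49484452000000010000000108060000001f15c489');
    $php = "<?php echo 'hello';";
    $cases = [
        ['name' => 'photo.png',   'bytes' => $png], // legitimate attachment
        ['name' => 'shell.phtml', 'bytes' => $php], // the post's .phtml case: extension not allowed
        ['name' => 'shell.jpg',   'bytes' => $php], // allowed extension, wrong content
        ['name' => 'a.php.png',   'bytes' => $png], // double extension, genuine PNG: stored under a new name
    ];
    foreach ($cases as $i => $c) {
        $tmp = "$dir/tmp$i";
        file_put_contents($tmp, $c['bytes']);
        $upload = ['name' => $c['name'], 'tmp_name' => $tmp];
        $unsafe = save_upload_unsafe($upload, $dir);
        $safe   = save_upload_safe($upload, $dir);
        printf("%-12s unsafe stored as %-12s safe: %s\n",
            $c['name'], basename($unsafe), $safe === null ? 'REJECTED' : basename($safe));
    }
}
```

The allowlist is the important design choice: a denylist of "php, phtml" misses whatever other extensions the server happens to map to the PHP handler (php5, phar and so on, depending on configuration), whereas an allowlist rejects everything it does not name. As a second layer, the directory that receives uploads should not execute scripts at all, so that even a check that is bypassed only leaves an inert file on disk.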




There are thousands of WordPress blogs still vulnerable to this attack. The vulnerability can be fixed by updating the Easy Comment Uploads plugin to version 0.71.

If you want to know more about protecting your WordPress blog from hackers, you can refer to the following posts. If you still think your blog is vulnerable, drop me an email and I will perform a security assessment on your blog.


At RHA Infosec we provide different types of Security Testing from small business sites to Corporate Sites. Click Here to know more about our complete list of services.


4 comments:

Anonymous said...

Hello,

I need the plugin functionality but I am afraid of security problems... You wrote about version 0.71, but I cannot find it at wordpress.org. There is only 1.01: http://plugins.svn.wordpress.org/easy-comment-uploads/tags/1.01/ Why so, and does the new version have security problems?

Anonymous said...

When the man I love broke up with me, my world fell apart. I had gone to several casters and I got no results or insufficient ones. I found samodaspellhome@gmail.com and gave another try to retrieve my lover and restore the passionate relationship I had with him. I’m so glad I did and trusted her. She performed a spiritual cleansing to banish negative energies and cast a love spell. After 3days, the man I missed dearly started to call me and told me few days ago that he still loves me and wants to try again. Thank you

Anonymous said...

Hello, my name is Dmitry. I met my girlfriend 4 years, after which she left me and went to another. I could not stand it, I wanted to return it because I love her very much, and residents without it I can not, I wanted to return it on their own but to no avail, I decided to ask for help to the mage first, I turned to the man he swore to me that will help but the result was not it was a charlatan, not enough money and effort I spent that would find the person who really helps Thank you very much Dmitry I'm very, very grateful I'll pray for you, you are my savior mag-dmitriiy@bk.ru

Anonymous said...

that amazing


About

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay became well known after finding a remote code execution bug in PayPal, for which PayPal awarded him $10,000.


RHA © 2013. All Rights Reserved.