{{in the early evening}} July 22nd, 2008 › Pwnie’s 2008
WordPress seems to have had the dubious pleasure of been nominated for the 2008 Pwnie Awards in the “Mass 0wnage” category:
It seems like hardly a week goes by without a new vulnerability in WordPress or one of its many plugins. Many of them are actively being exploited to own popular WordPress blogs and use them to serve spam or client-side exploits to unsuspecting visitors. The popularity of WordPress combined with the abysmal security practices of WordPress plugin developers places the entire Internet at risk and is worthy of a nomination.
To be fair many of the vulnerabities that are reported are within plugin code rather than the core. For more information on the CVEs reported for WordPress and WordPress plugins this year you can head over to the codex.
if the CVEs project is done, you can tell us what plugin that have risk vulnerabities
Comment by Ardhi — 25/7/2008 @ 3:27 pm §
@Ardhi: To find out what plugins have vulnerabilites you need to read through each of the CVEs that refer to plugins and then check with the plugin uthor to se if they hve fixed the issue.
Comment by westi — 26/7/2008 @ 7:57 am §
@westi..thanks for your advice
Comment by Ardhi — 26/7/2008 @ 10:59 am §
I think it’s interesting that it tends to be the plugins which have vulnerabilities not the tool itself, there’s a careful difference to distinguish between the two.
Comment by Christopher Ross — 23/10/2008 @ 8:07 pm §
@ Christopher Ross…Thanks for your advice
Comment by Ardhindie — 24/10/2008 @ 3:42 pm §
RSS feed for comments on this post. TrackBack URI
Leave a comment