Vulnerabilities in Photo Album WP Plugin?
Have you been using the Photo Album for wordpress plugin in your sites?
If you have been doing so, you better read this release from Weblog Tools Collection. It’s been reported that there had been multiple SQL injection vulnerabilities within the plugin.
Here’s an excerpt:
Multiple vulnerabilities have been identified in Photo Album (plugin for WordPress), which could be exploited by remote attackers to execute arbitrary SQL queries. These issues are caused by input validation errors in the “wppa.php” script when passing user-supplied parameters (e.g. “photo” or “album”) to certain functions (e.g. “wppa_album_name()” or “wppa_photo_name()”), which could be exploited by malicious people to conduct SQL injection attacks.
Better turn off that plugin for now, I guess.
Filed under: Blogging by Prudence
Leave a Reply