[PLUG] vulnerability published for wordfence wordpress plugin yesterday

I shared this with a few of my friends and I thought this might be of interest to the list.:

http://www.waraxe.us/advisory-109.html

Wordfence is an incredibly common security plugin for wordpress. If you read through the exploits it's not terribly severe but an estimated 2 million wordpress sites are effected. Basically, if you are running an old wordpress with php 5.4 this opens yet another security hole in your swiss cheese installation because it opens the the possibility of remote file inclusion because of wordfence. Even if your wordpress and php are up to date they can use another vulnerability in your outdated wordfence to find the version of your wordpress,themes and plugins which make an attack even easier. Moral of the story: Wordfence alone won't protect you, always keep your wordpress, your theme and your plugins up to date at all times.

Michael Lazin

to gar auto estin noein te kai ennai

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug