WordPress Stats Plugin Vulnerability Plugged

ray — Tue, 31 Jul 2007 20:25:10 +0000

I usually don’t mention WordPress vulnerabilities here, but since I use WordPress and the vulnerable plugin I figured I’d mention it (now that I’m patched).

The WordPress Stats plugin by Automattic (Andy Skelton ) had a critical SQL injection vulnerability that could allow admin credentials to be stolen. The vulnerability was patched in version 1.1.1 and was released July 27th.

I typically turn off (deactivate) plugins before updating them and in this case I had to re-enter the API key when activating the updated plugin.

Site Upgraded to WordPress 2.2

ray — Wed, 30 May 2007 14:48:12 +0000

The web site was upgraded to WordPress 2.2 last night. One of the changes made to WordPress 2.2 is that Widgets are now part of the core software and not enabled through a plugin. Widgets can be used on the sidebar and I do use them.

The upgrade seems to have screwed up which widgets are used on the sidebar. I’ve actually removed all widgets from the configuration so they might go away and the default sidebars will return. In any case, I’m planning a major site redesign from now until the weekend which will make the problem moot. [Update: The problem is unique to this theme - tiga 1.02 - which is listed as non-compatible so the problem should be resolved by the weekend when I change themes.]

Since I want to be at WordPress 2.2 for the upgrade I’m leaving things they way they are. ~~Apologies for the slightly bizarre sidebars.~~ [Updated 6/1 - with the theme update ths problem no longer exists]

Spam Chronicles» wordpress

WordPress Stats Plugin Vulnerability Plugged

Related Posts:

Site Upgraded to WordPress 2.2

Related Posts: