Millions At Risk From Critical Vulnerabilities From WordPress Plugins
First time accepted submitter dougkfresh writes "Checkmarx's research lab identified that more than 20% of the 50 most popular WordPress plugins are vulnerable to common Web attacks, such as SQL Injection. Furthermore, concentrated research into e-commerce plugins revealed that 7 out of the 10 most popular e-commerce plugins contain vulnerabilities. This is the first time that such a comprehensive survey has been prepared to test the state of security of the leading plugins."
It does seem that WordPress continues to be a particularly perilous piece of software to run. When popularity and unsafe languages collide.
Re:Not an unsafe language... (Score:4, Funny)
It's not bad coding, those are just misunderstood features. SQL Injection? - That's just a back door we left in for convenience.
Re:Not an unsafe language... (Score:5, Funny)
I personally only use HTML9 Responsive Boilerstrap JS. If you're using any other framework then you're just wasting your time.
Here's a link for you poor slobs who haven't jumped on the bandwagon.
http://html9responsiveboilerstrapjs.com/
Re:In case you were wondering... (Score:2, Funny)
...morons who don't know HTML or CSS even though I could teach both to a moderately intelligent monkey... ...actual web developers like me... ...beyond all hope. /. I think...
Yes, your mastery of HTML and websites is truly something to behold.
Re:In case you were wondering... (Score:4, Funny)
Re:Every language is unsafe. (Score:4, Funny)
They could exploit GD.
The only solution is to have the user base64 encode the binary GIF data, print it and then snail mail it to you.
You can then build a dedicated PC that's not on the network, type out the base64 data, decode it and confirm it's a valid GIF. Then connect that PC to the network and upload the GIF on behalf of the user.
If the GIF was malicious you simply set that dedicated PC on fire, inform the user (via snail mail) "INVALID GIF IMAGE, PLEASE TRY AGAIN" and then buy another dedicated PC for the next GIF you receive.
It's the only way to be safe. I do this with my site and so far so good: I launched one year ago, I've received 1 GIF so far (3 months ago), and I'm about 75% done typing all the base64 data. I hope to confirm his avatar picture by July 1st!
Re:Not an unsafe language... (Score:5, Funny)
Is that a dog?