[WEB SECURITY] Security of themes for WordPress

MustLive mustlive at websecurity.com.ua
Mon Feb 14 13:40:36 EST 2011


Hello participants of Mailing List.

In 2009 I already told you about security of plugins for WordPress
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2009-November/005888.html).
And from that time I've updated that list of vulnerable plugins. And now
I'll tell you about different vulnerabilities in themes for WordPress.

Similarly to plugins, themes for WordPress also have vulnerabilities. Last
week in my post Security of themes for WordPress
(http://websecurity.com.ua/4915/) I made a summary about all vulnerabilities
in themes for WP, which I found during 2007-2011.

In this list multiple vulnerabilities in 93 themes for WordPress are
mentioned. Including Cross-Site Scripting, Full path disclosure, Abuse of
Functionality and Denial of Service vulnerabilities.

So take care of your themes (as of your plugins) for WordPress and web sites
which use them.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua






More information about the websecurity mailing list