WordPress and Annotum for Education, Science,Journal Publishing

Outdated versions of three popular WordPress plugins suffer from a "critical" zero-day vulnerability that enables an attacker to take over a website.

The bug is a PHP object injection flaw that affects the following plugins: Appointments (versions prior to 2.2.2), Flickr Gallery (versions prior to 1.5.3), and RegistrationMagic-Custom Registration Forms (versions prior to 3.7.9.3).

Together, those plugins have a combined user base of over 21,000 WordPress customers. All three have already received a fix for the security issue, which is rated "Critical" with a CVSS rating of 9.8.

 Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?&tag=Cybersecurity

NextGEN Gallery is an extraordinarily popular plugin for self-hosted WordPress websites, having been downloaded over 16.5 million times.

The software’s widespread popularity (it claims to have been “the industry’s standard WordPress gallery plugin” since 2007) makes it an seemingly obvious choice for website owners looking to add image galleries to their sites.

Researchers at Sucuri uncovered a severe SQL injection vulnerability in NextGEN Gallery’s code which could be used by a malicious attacker to steal sensitive information such as hashed passwords and WordPress secret keys:

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?&tag=Cybersecurity

WordPress is the most popular blogging tool available. And blogging isn't just for personal use now. It has turned into a great marketing tool that can help spread the word about your product or service. Naturally, if you decide to take on a blog for your company, you'll want to make sure it has as much in the way of features and flexibility as you can get. WordPress offers just that in the way of plugins.

Thousands of plugins are available, and "essential" is in the eye of the blogger. But I've rounded up five that I think are highly useful no matter what kind of blog you maintain.

Read more:

http://www.techrepublic.com/photos/five-plugins-that-add-essential-wordpress-features/6372566?tag=nl.e101

Von wegen Sicherheit: Unter dem Deckmantel eines legitimen WordPress-Plugin richtet X-WP-SPAM-SHIELD-PRO eine Backdoor auf Webseiten ein.

Wer auf seiner WordPress-Webseite das Plugin X-WP-SPAM-SHIELD-PRO installiert hat, sollte dieses schleunigst deinstallieren: Das Fake-Sicherheits-Plugin ist Malware und richtet unter anderem einen Fernzugriff für die Drahtzieher des Zusatzmoduls ein, warnen Sicherheitsforscher von Sucuri.

Die Betrüger missbrauchen dabei den Namen des legitimen Sicherheits-Plugins WP-SpamShield Anti-Spam, welches Spam von WordPress-Seiten fernhalten soll. X-WP-SPAM-SHIELD-PRO ist nicht im offiziellen Plugin-Bereich von WordPress zu finden. Es stammt aus einer von den Sicherheitsforschern nicht näher beschriebenen Quelle. Aus Sicherheitsgründen ist es ratsam, nur Plugins aus der offiziellen Quelle zu installieren.

Learn more / En savoir plus / Mehr erfahren:

http://www.scoop.it/t/wordpress-annotum-for-education-science-journal-publishing/?&tag=Cybersecurity

Plugins can extend WordPress to do almost anything you can imagine. In the directory you can find, download, rate, and comment on all the best plugins the WordPress community has to offer.

21,235 PLUGINS, 345,801,245 DOWNLOADS, AND COUNTING

Read more:

http://wordpress.org/extend/plugins/