The initial version of BlogSecurify, a project designed by the GNUCITIZEN and BlogSecurity teams, is ready for testing.
To use it, and to prove that the blog to be analyzed is yours, you must include one of these comments in one of your blog's template files:
If you prefer not to edit the template, you can instead install this plugin, which does it for you.
Note: the old wp-scanner project will remain active until BlogSecurify reaches a stable level of development.
Note 2: In my case I have not managed to run the scan, neither by including the comments nor with the plugin. I do not know whether it is because of the early stage of development or something else. If anyone manages it, please make it known.
Steven J. Murdoch has discovered a vulnerability in WordPress 2.5 that may allow a registered user to obtain administrator access to the blog. Only blogs running WP 2.5 that allow visitors to register their own user accounts are vulnerable.
A vulnerability has been found in the WordPress Spreadsheet plugin (wpSS).
This SQL injection vulnerability can allow an attacker to compromise your database and, potentially, your blog and even the web server.
A public exploit by 1ten0.0net1 has been published on milw0rm.
The 'ss_id' parameter of ss_load.php is not properly sanitized before being passed to the database.
Version 0.6 and all earlier versions are reported vulnerable. As the plugin page is not currently available, it is not possible to check whether version 0.61 (published in August 2007) is secure.
Until that can be verified, or if you are running an earlier version, deactivating the plugin is strongly recommended.
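The following is an added example, not code from wpSS or from this post, showing the class of flaw described above: a numeric request parameter interpolated straight into a query, beside the hardened form that validates and binds it. The table and column names (`wp_ss`, `wp_users`) and the sample rows are constructed for the demonstration and do not reproduce the plugin's real schema; the in-memory SQLite database stands in for the blog's MySQL database.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory database standing in for the blog's tables.

    The schema is an assumption for the example, not the real wpSS schema.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_ss (ss_id INTEGER PRIMARY KEY, title TEXT, data TEXT)"
    )
    conn.executemany(
        "INSERT INTO wp_ss VALUES (?, ?, ?)",
        [
            (1, "public sheet", "a,b,c"),
            (2, "private budget", "salary,bonus"),
        ],
    )
    conn.execute(
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)"
    )
    # Constructed placeholder hash; not a real credential.
    conn.execute("INSERT INTO wp_users VALUES (1, 'admin', 'constructed-hash')")
    conn.commit()
    return conn


def load_sheet_vulnerable(conn, ss_id):
    """Flawed pattern: the raw request parameter becomes part of the SQL text.

    Anything the attacker appends after a valid number is executed as SQL,
    so a UNION against another table reads data the plugin never meant to expose.
    """
    sql = "SELECT ss_id, title, data FROM wp_ss WHERE ss_id = " + ss_id
    return conn.execute(sql).fetchall()


def load_sheet_safe(conn, ss_id):
    """Hardened form: reject anything that is not an integer, then bind the value.

    Returns None for invalid input so the caller can answer with an error
    instead of running a query at all.
    """
    try:
        sid = int(ss_id)
    except (TypeError, ValueError):
        return None
    # The bound parameter is sent as data, never parsed as SQL.
    return conn.execute(
        "SELECT ss_id, title, data FROM wp_ss WHERE ss_id = ?", (sid,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "-1 UNION SELECT ID, user_login, user_pass FROM wp_users"
    print("vulnerable, normal id :", load_sheet_vulnerable(db, "1"))
    print("vulnerable, injected  :", load_sheet_vulnerable(db, payload))
    print("safe, normal id       :", load_sheet_safe(db, "1"))
    print("safe, injected        :", load_sheet_safe(db, payload))
```

With the vulnerable function, `ss_id=1 OR 1=1` returns every spreadsheet and the UNION payload returns the constructed admin row from `wp_users`, which is the database compromise the advisory warns about; the hardened function returns `None` for both payloads and only ever queries with a bound integer. In real WordPress plugin code the equivalent is `absint()` or `intval()` on the parameter followed by `$wpdb->prepare()`.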