Monday, August 29, 2011

Avoid Dangerous Plugins for Your Platform!

Many fellow bloggers use more than one platform, such as Blogger and WordPress, but we must be careful with the plugins written for those platforms.
A malicious WordPress plugin is one that contains a virus, worm, Trojan, backdoor or similar code; it can damage the site, steal data, overload the server and get the blog penalized by Google. WordPress is open source and gives third parties the freedom to develop plugins; alongside its positive effects, that freedom is also used by others for harmful purposes.

Here I will explain this for WordPress plugins.

Not all dangerous WordPress plugins can be filtered out by WordPress, and WordPress itself states that it is not responsible for the plugins that exist. It is therefore up to WordPress users to be careful in selecting and installing plugins. Here are some tips for choosing safe plugins:

1. Avoid The Following Malicious Plugins.

Dangerous WordPress plugins are listed at http://www.milw0rm.com/, a site that contains information on potential vulnerabilities in software and applications. Choose the Search menu and enter the word "wordpress"; it will list vulnerable WordPress versions and plugins with their potential dangers, as follows:

  1. WordPress Plugin Download (dl_id) SQL Injection Vulnerability
  2. WordPress Plugin Sniplets 1.1.2 (RFI/XSS/RCE) Multiple Vulnerabilities
  3. WordPress Photo album Remote SQL Injection Vulnerability
  4. WordPress Plugin Simple Forum 1.10-1.11 SQL Injection Vulnerability
  5. WordPress Plugin Simple Forum 2.0-2.1 SQL Injection Vulnerability
  6. WordPress MU < 1.3.2 active_plugins option Code Execution Exploit
  7. WordPress Plugin st_newsletter Remote SQL Injection Vulnerability
  8. WordPress Plugin Wordspew Remote SQL Injection Vulnerability
  9. WordPress Plugin dmsguestbook 1.7.0 Multiple Remote Vulnerabilities
  10. WordPress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
  11. WordPress Plugin Adserve 0.2 adclick.php SQL Injection Exploit
  12. WordPress plugin fGallery 2.4.1 fimrss.php SQL Injection Vulnerability
  13. WordPress Plugin WP-Cal 0.3 editevent.php SQL Injection Vulnerability
  14. WordPress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
  15. WordPress Plugin Wp-FileManager 1.2 Remote Upload Vulnerability
  16. WordPress <= 2.3.1 Charset Remote SQL Injection Vulnerability
  17. WordPress Plugin PictPress <= 0.91 Remote File Disclosure Vulnerability
  18. WordPress Plugin BackUpWordPress <= 0.4.2b RFI Vulnerability
  19. WordPress Multiple Versions Pwnpress Exploitation Tookit (0.2pub)
  20. WordPress 2.2 (wp-app.php) Arbitrary File Upload Exploit
  21. WordPress 2.2 (xmlrpc.php) Remote SQL Injection Exploit
  22. WordPress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit
  23. WordPress plugin myflash <= 1.00 (wppath) RFI Vulnerability
  24. WordPress plugin wordTube <= 1.43 (wpPATH) RFI Vulnerability
  25. WordPress plugin wp-Table <= 1.43 (inc_dir) RFI Vulnerability
  26. WordPress Plugin myGallery <= 1.4b4 Remote File Inclusion Vulnerability
  27. WordPress 2.1.2 (xmlrpc) Remote SQL Injection Exploit
  28. WordPress <= 2.0.6 wp-trackback.php Remote SQL Injection Exploit
  29. WordPress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
  30. Enigma 2 WordPress Bridge (boarddir) Remote File Include
  31. WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit
  32. WordPress <= 1.5.1.3 Remote Code Execution eXploit (metasploit)
  33. WordPress <= 1.5.1.3 Remote Code Execution 0-Day Exploit
  34. WordPress <= 1.5.1.2 xmlrpc Interface SQL Injection Exploit
  35. WordPress <= 1.5.1.1 SQL Injection Exploit
  36. WordPress <= 1.5.1.1 “add new admin” SQL Injection Exploit
  37. WordPress Blog HTTP Splitting Vulnerability
  38. WordPress 2.8.1 (url) Remote Cross Site Scripting Exploit
  39. WordPress Plugin My Category Order <= 2.8 SQL Injection Vulnerability
  40. WordPress Privileges Unchecked in admin.php and Multiple Information
  41. WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability
  42. WordPress Plugin DM Albums 1.9.2 Remote File Disclosure Vulnerability
  43. WordPress Plugin DM Albums 1.9.2 Remote File Inclusion Vuln
  44. WordPress Plugin Photoracer 1.0 (id) SQL Injection
  45. WordPress Plugin Lytebox (wp-lytebox) Local File Inclusion
  46. WordPress Plugin fMoblog 2.1 (id) SQL Injection
  47. WordPress MU < 2.7 ‘HOST’ HTTP Header XSS Vulnerability
  48. WordPress plugin WP-Forum 1.7.8 Remote SQL Injection Vulnerability
  49. WordPress Plugin Page Flip Image Gallery <= 0.2.2 Remote FD Vuln
  50. WordPress Plugin e-Commerce <= 3.4 Arbitrary File Upload Exploit
  51. WordPress Media Holder (mediaHolder.php id) SQL Injection Vuln
  52. WordPress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vuln
  53. WordPress 2.6.1 (SQL Column Truncation) Admin Takeover Exploit
  54. WordPress 2.6.1 SQL Column Truncation Vulnerability
  55. WordPress Plugin Download Manager 0.2 Arbitrary File Upload Exploit
  56. WordPress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability

2. Select a Plugin That Has Been Downloaded More Than a Thousand Times.

Select only WordPress plugins whose statistics show thousands of downloads. Do not be the guinea pig for a plugin; make sure it has many downloads, which is a fairly good sign that it is safe.

3. Visit the Website of the WordPress Plugin's Maker.

Check the comments on the site of the plugin's owner. Avoid WordPress plugins whose creator's site contains negative comments.

4. See The Plugin Maker's Reputation.

Select WordPress plugins made by someone who has a good reputation or who has already made several plugins that are not dangerous. This is no guarantee, but the plugin maker's credibility can at least serve as one benchmark.

5. Scan the Plugin Using an Antivirus.

To scan a plugin, first download the WordPress plugin to your computer before installing it, so that it can be scanned directly. Most hosting servers do not have antivirus software, so we still have to rely on the antivirus on our own computer. Two fairly reliable free antivirus products are AVG Free Edition and Avast Free Edition, which have detected backdoors in PHP files.
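As an added illustration of the pre-install check in tip 5 (not code from the original post, and no substitute for an antivirus, whose signatures are far richer), here is a small Python script that unpacks a downloaded plugin archive and flags PHP files containing constructs typical of planted backdoors and of the file-inclusion flaws listed above. The indicator list, plugin file names and sample contents are all constructed for this example.

```python
"""Heuristic pre-install scan of a downloaded WordPress plugin archive (example)."""
import io
import re
import zipfile

# Constructed indicator list for this example (not exhaustive, not a vendor list):
# constructs that are rare in legitimate plugin code but typical of backdoors and
# of the remote-file-inclusion flaws named in the post.
SUSPICIOUS = {
    "eval of decoded payload": re.compile(
        r"\beval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "command execution on request input": re.compile(
        r"\b(?:system|exec|shell_exec|passthru|popen)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "include of request-controlled path": re.compile(
        r"\b(?:include|require)(?:_once)?\s*\(?\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "long base64 literal": re.compile(r"['\"][A-Za-z0-9+/]{120,}={0,2}['\"]"),
}

def scan_php_source(source):
    """Return (indicator, line_number) pairs found in the text of one PHP file."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for label, pattern in SUSPICIOUS.items():
            if pattern.search(line):
                hits.append((label, lineno))
    return hits

def scan_plugin_zip(zip_bytes):
    """Scan every PHP file inside a plugin zip; return {path: hits} for flagged files only."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or not info.filename.lower().endswith((".php", ".phtml", ".inc")):
                continue
            text = archive.read(info).decode("utf-8", errors="replace")
            hits = scan_php_source(text)
            if hits:
                findings[info.filename] = hits
    return findings

def build_sample_plugin():
    """Constructed test archive: one ordinary plugin file and one file with planted code."""
    clean = "<?php\n/* Plugin Name: Example Gallery */\nfunction eg_render() { return esc_html('gallery'); }\n"
    planted = ("<?php\n// constructed sample for the scanner: lines 3 and 4 should be flagged\n"
               "if (isset($_POST['q'])) { eval(base64_decode($_POST['q'])); }\n"
               "include($_GET['tpl']);\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("example-gallery/example-gallery.php", clean)
        archive.writestr("example-gallery/inc/thumb.php", planted)
    return buf.getvalue()

if __name__ == "__main__":
    for path, hits in scan_plugin_zip(build_sample_plugin()).items():
        for label, lineno in hits:
            print(f"{path}:{lineno}: {label}")
```

A hit is a reason to read the file and to check the plugin against the vulnerability listings above, not proof of malice; obfuscated but legitimate code (minified libraries, licence checkers) also trips such heuristics.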

The dangerous WordPress plugins above are only a fraction of all WordPress plugins; most plugins are good and help with blogging on WordPress. Therefore we as users should remain cautious and intelligent in choosing plugins.

