Hi there,
here's an update to this advisory. Affected Versions are now <= 1.2.1.
Reasoning:
I noticed that the author tried to fix this bug by implementing validation
via regex matching.
Sadly, that regex can be bypassed easily because it only checks if a valid
date string is in the GET param. T
OK, well - before I get 1 replies: the question was a rhetorical one.
2010/3/1 Benji
> http://crowdfavorite.com/ loads fine here.
>
> On Mon, Mar 1, 2010 at 4:03 PM, Jan G.B. wrote:
>
>> Hi there,
>>
>> I just noticed that authenticated users for the admin area of a WordPress
>> blog may inje
http://crowdfavorite.com/ loads fine here.
On Mon, Mar 1, 2010 at 4:03 PM, Jan G.B. wrote:
> Hi there,
>
> I just noticed that authenticated users for the admin area of a WordPress
> blog may inject code into database queries, when the plugin "Analytics360"
> is activated.
>
> ### BASIC INFORMAT
Hi there,
I just noticed that authenticated users for the admin area of a WordPress
blog may inject code into database queries, when the plugin "Analytics360"
is activated.
### BASIC INFORMATION ###
Plugin Name: Analytics360
Plugin URI:
http://www.mailchimp.com/wordpress_analytics_plugin/?pid=wo