Wordpress Plugin Easy Comment Uploads Vulnerability - Thousands Of Websites Vulnerable

Wordpress as you might know is one of the most widely used blogging platforms, As a reason of which it has became the favorite target of hackers. Wordpress itself is quite secure, however the plugins make it unsecure resulting in hack attacks, data loss etc, when they are created the developers do not think of the security or do not know how to write the secure code, hence skipping lots of necessary checks making the plugins vulnerable to attacks like SQLInjetion, Remote File inclusion etc.


One of those popular vulnerable plugin is Easy Comment Upload plugin, The version 0.61 and prior versions are affected with Arbitrary File Upload Vulnerability. The plugin fails to check the upload file type as a reason of which it can be exploited by uploading a Phtml file.




There are thousands of wordpress blogs still vulnerable to this attack. The vulnerability can be fixed by updating the wordpress easy comments plugin to version 0.71.

If you want to know more about Protecting your wordpress blog from hackers you can refer the following posts, If you still think your blog is vulnerable drop me an email and I will perform a security assessment on your blog.