Switzerland-based information security company High-Tech Bridge has discovered two SQL injection vulnerabilities in the All In One WordPress Security and Firewall plugin for blogging platform WordPress.
The researchers tested on version 3.8.2, but indicated in a Wednesday post that versions prior to 3.8.2 are also likely to be impacted.
High-Tech Bridge notified the vendor and issued an advisory on Wednesday, but will not publically release technical details on the issues – which it deems medium risk – until Sept. 24, according to the post.
The All In One WordPress Security and Firewall plugin “reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques,” according to WordPress.org. It has more than 400,000 downloads.
Monday, September 8, 2014