For all those not reading security mailing lists: it is time to upgrade your WordPress blog (if you are among those not using Serendipity). Today WordPress 2.0.6 was released, which fixes several security vulnerabilities. Among them are fixes for two dangerous vulnerabilities reported by us.
The first vulnerability is an XSS (Cross Site Scripting) hole in WordPress's own CSRF protection.
The second vulnerability is a very interesting SQL injection. It is interesting because it abuses charset conversion support to bypass the database escaping routines. Our demo exploit uses UTF-7.
Both vulnerabilities have the potential to compromise the admin account, which in the case of WordPress might allow arbitrary PHP code execution due to WordPress features.
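Why charset conversion can defeat escaping comes down to the order of operations. The following is an added example, not part of the original post and not WordPress code: a Python model in which the function names, the toy escaping routine and the sample bytes are all assumptions made for illustration.

```python
import sqlite3

def escape_quotes(s: str) -> str:
    """Toy stand-in for a database escaping routine (backslash-escapes \\ and ')."""
    return s.replace("\\", "\\\\").replace("'", "\\'")

def escape_then_convert(raw: bytes, charset: str) -> str:
    """Flawed order: escaping runs on the still-encoded bytes, conversion runs last."""
    escaped = escape_quotes(raw.decode("ascii"))
    return escaped.encode("ascii").decode(charset)

def convert_then_escape(raw: bytes, charset: str) -> str:
    """Corrected order: convert to the working charset first, escape the result."""
    return escape_quotes(raw.decode(charset))

def has_unescaped_quote(s: str) -> bool:
    """Check a string for a single quote that is not preceded by a backslash escape."""
    i = 0
    while i < len(s):
        if s[i] == "\\":
            i += 2          # skip the escaped character
            continue
        if s[i] == "'":
            return True
        i += 1
    return False

def store_parameterized(text: str) -> str:
    """Preferred fix: bind the value as a parameter so no escaping is needed at all."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (body TEXT)")
    db.execute("INSERT INTO comments (body) VALUES (?)", (text,))
    (body,) = db.execute("SELECT body FROM comments").fetchone()
    db.close()
    return body

# Constructed sample: the UTF-7 encoding of the harmless text "it's".
# In UTF-7 the quote is written as "+ACc-", so the raw bytes contain no quote.
SAMPLE = b"it+ACc-s"

if __name__ == "__main__":
    flawed = escape_then_convert(SAMPLE, "utf-7")
    fixed = convert_then_escape(SAMPLE, "utf-7")
    print("escape then convert:", flawed, "-> unescaped quote:", has_unescaped_quote(flawed))
    print("convert then escape:", fixed, "-> unescaped quote:", has_unescaped_quote(fixed))
    print("parameterized round trip:", store_parameterized(SAMPLE.decode("utf-7")))
```

Any decoding step that runs after escaping reopens this gap, so conversion belongs before escaping, or the value should be bound as a query parameter.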
It seems that at 23C3 Stefano Di Paola disclosed a universal XSS vulnerability through the Adobe PDF Plugin. Due to this vulnerability it is possible to launch XSS attacks against any site hosting PDF files. For example:
UPDATE: Just for the record, this issue has been fixed in the latest updates for the Adobe PDF Plugin. This does not, however, change the fact that the majority of users most probably still run vulnerable versions.